Introducing IntelliGRC 3.0

New Features

Check out our latest releases and updates to the platform.


Ensure your organization is properly handling Personal Health Information with our HIPAA cross-mapping.

The US Health Insurance Portability and Accountability Act (HIPAA) § 164 Subpart C framework controls are now available for evaluation in the core application. Whether you are dealing with patients and their data directly as a covered entity or accessing the data as a business associate, you need to comply with HIPAA. This framework seeks to ensure Protected Health Information (PHI) stays protected. PHI and electronic ePHI are considered more valuable than credit card information because this data often deals with medical records that do not change following a breach. The OCR keeps a list of breached organizations that you do not want to end up on.

We received many requests from our members and prospects/partners to add HIPAA to IntelliGRC. You now can cross-map your progress from any of our existing frameworks (ISO 27001, SOC 2, CMMC, NIST 800-171) to HIPAA and see how much you have already satisfied.

We are always looking for feedback on which framework should be added next and suggestions on optimizing IntelliGRC so please reach out if there is anything we can do to make your job easier.

Risk Register

Improve Risk Management in your environment at all severity levels.

IntelliGRC Risk Register helps increase your whole team’s situational awareness of risks in your environment. Identify the individuals who are responsible and accountable to properly understand the probability, severity, and associated consequences with a given risk. Assign values to risks and show how you are handling them whether you decide to accept, transfer, or mitigate.

Accept: The risk is low enough that the cost of mitigating is not warranted
Transfer: Cyber insurance can help offset the responsibility of certain risks
Mitigate: Dedicate resources to make sure the risk will not impact your environment.

ISO 27001

IntelliGRC now has ISO 27001 Security Controls!

ISO 27001 is now available in the core application. Relevant interview questions and assessment objectives are available in the Compliance section. You can add this to a current evaluation or start a brand new one with just ISO 27001 content. If you use it as part of a multi-framework evaluation, don't forget to adjust your Framework Views.


Multi-Framework Assessments

You can now perform evaluations using multiple frameworks.  When a Working Evaluation has multiple frameworks selected, the Intelligent Control Library determines what content (assessment objectives, controls, SPRS Score, etc.) is displayed from each framework. However, you can easily reconfigure your view to display content from a specific framework throughout all sections of the core app. A you change views from one framework to another, you can see how your progress is collectively advancing each separate framework.

Introducing SOC 2

AICPA TSC2017 (SOC 2) framework is coming based on popular demand. Along with CMMC 2.0 L1/L2 and NIST800-171 r2, our index of frameworks provides several security standards to evaluate information system boundaries. You can even add SOC 2 to your previously created evaluations. We will be announcing additional frameworks that are slated to be added in the immediate future! Stay tuned as we are In Search Of feedback for what frameworks will be added next.

Optimized Interview Question Workflow

The interview process in the core application has undergone a complete overhaul to be streamlined and efficient. Questions are now generated dynamically based on factors like what frameworks are in your Working Evaluation and responses to previous questions, removing redundant prompts and including only questions that matter to your selected framework(s). Questions now come in several formats like Yes/No or multiple choice so there is no more ambiguity about how to respond to them. You can also upload evidence directly to questions and save time on mapping them later.(*Check out the gif below)

Automatic Asset Tagging

Scoping information system boundaries has never been faster now that assets can have assigned categories. Some security standards use categories to organize assets. When creating or updating an Information System Profile associated with such a security standard, the core application will automatically add all assets in your inventory to the boundary.

Auto-Fill Validation Methods

Identifying and listing validation methods in the Gap Analysis for each objective in the SSP would take a significant amount of time. Now, the Validation Methods field has an Auto-Fill function that automatically populates this data. This reduces the time from one to two minutes per objective, to a few seconds!

*Interview Question Rework


File Export Format

One of the most tedious tasks of attestation is renaming and formatting evidence for submission to certifying organizations. With our new file export feature, you can get your evidence as is in the app or in DIBCAC format. The core application automatically renames and creates the appropriate folder structure for submission. This can save days of preparation work and effort. Additionally, exporting files includes an evidence matrix to help navigate the new format.


Scan Range

You can now view data from the Recon Agent scanning tool over the course of a 30-day period. Previously, only the most recent results were available to view. This gives a more comprehensive view of your compliance posture as it has changed over a period of time. You can also view data from specific days in the 30-day window.