January 2026
New features & updates
New Incident Management Module: Identify. Resolve. Prevent.
We've launched a universal Incident Management module designed to help organizations of any size transition from reactive firefighting to structured, audit-ready resolution. Whether you are dealing with a minor operational hiccup, a facility issue or a critical system outage, this module provides a standardized framework to capture, analyze and resolve disruptions across your entire business.
By centralizing incident data in grc360.ai, teams can eliminate fragmented email chains and spreadsheets, ensuring that every event is used as an opportunity to strengthen the organization.
Standardized Incident Reporting
Replace manual intake with a consistent, template-based reporting workflow that ensures no critical detail is missed.
- Universal Tracking: Every event is assigned an auto-generated ID creating a permanent record for internal reviews and external audits.
- Cross-Functional Collaboration: Notify and involve multiple departments—from Finance and HR to Operations and IT—ensuring the right experts are assigned to the right incidents.
- Visual Lifecycle Tracking: Follow every incident through clear stages based on your organizational workflows
Flexible Classification & Severity Mapping
Tailor the system to your specific organizational needs with customizable categories.
- Incident vs. Crisis: Define what constitutes a "business-as-usual" incident versus a major crisis that requires executive escalation.
- Internal & External Context: Easily tag the source of the issue, whether it's a human error, a vendor failure or an external environmental factor.
- Proactive "Near Miss" Tracking: Log "Near Miss" events to identify and fix weaknesses before they result in an actual loss.
Multi-Dimensional Impact
Quickly quantify the "so what" of any incident to prioritize resources effectively.
- Multi-Dimensional Impact: Evaluate how an event affects your finances, customer trust, and day-to-day operations using severity scales.
- Financial & Insurance Tracking: For incidents involving loss, you can now track estimated values and insurance coverage status directly within the record.
- Immediate Response: Document the "first responder" actions taken to stabilize the situation before moving into deeper analysis.
Automated Notifications & Communication
Communication is critical during a disruption. The platform now automatically triggers alerts to specific teams based on the severity and type of incident. This ensures that the right stakeholders stay informed in real-time, reducing response delays and keeping leadership updated without manual status reports.
Root Cause Analysis (RCA) & Preventive Actions
Ensure the same problem doesn't happen twice with integrated "Look Back" workflows.
- Assigned Investigations: Assign deep-dive analysis tasks to subject matter experts with clear deadlines.
- Evidence Centralization: Attach photos, logs, and documents directly to the incident file to build a complete "story" of the event for future reference.
- Actionable CAPA: Create and track Corrective and Preventive Actions (CAPA) with assigned owners and automated follow-ups to verify that the fix actually worked.
December 2025
New features & updates
New Incident Management Module: Identify. Resolve. Prevent.
We’ve launched the Business Continuity Management (BCM) module to help organizations build operational resilience and maintain uptime during disruptions. This module allows teams to identify critical processes, assess business impacts and digitize recovery plans in a centralized environment.
By linking BCM directly to your existing risk and policy workflows, GRC360.ai provides a "Digital Twin" of your continuity program, ensuring you remain compliant with ISO 22301 and SOC 2 requirements while reducing the manual overhead of traditional BIA spreadsheets.
Dynamic Business Impact Analysis (BIA) You can now create and update BIA assessments directly in the platform. The BIA engine allows you to rate impact categories—including Equipment, Technology, Internal/External Dependencies, and Human Resources—across configurable timeframes.
- Automated Metric Sync: MTPD (Maximum Tolerable Period of Disruption) and RTO (Recovery Time Objective) are automatically defined based on your impact analysis and synced to your process details.
- Custom Rating Criteria: MTPD (Maximum Tolerable Period of Disruption) and RTO (Recovery Time Objective) are automatically defined based on your impact analysis and synced to your process details.
Advanced Process Management & "My Processes" View
We’ve overhauled how business processes are defined to support deeper continuity logic.
- Contextual Visibility: When a process is marked as "Time Critical," the platform automatically surfaces MTPD and RTO fields. If not critical, these fields default to "Not Applicable" to reduce noise.
- Departmental Scoping: A new "My Processes" button allows department-specific users (e.g., Talent Acquisition) to filter and view only the processes relevant to their team, improving data privacy and focus.
Threat Risk Assessment (TRA) & Risk Register
The Risk Register now supports specialized BCM threat coverage, including Building, Technology, Equipment and HR unavailability.
- Dynamic Assessment Forms: The risk form now changes dynamically based on the threat classification, ensuring the right data is collected for different disruption types.
- Inherent & Residual Risk Automation: Risk scores are auto-calculated based on likelihood, impact level and control effectiveness.
- Threat Catalog: A new research-based catalog helps teams quickly identify and map relevant threats to their specific environment.
August 2025
New features & updates
Content for August 2025 will be added here.
July 2025
New features & updates
Content for July 2025 will be added here.