BrickGRC is modular by design. Pick the frameworks you actually need to comply with, plug into the storage and identity tooling you already run, and bring your own AI keys so prompts and data stay on your account. Below is the complete list of bricks shipped today.
Each framework is a self-contained brick — controls, evidence templates, audit-ready reports. Activate one or six. Pricing scales with what you actually use.
All 93 Annex A controls (2022 revision), ISMS clauses 4–10, Statement of Applicability auto-generation, audit-ready exports for stage 1 and stage 2.
Type I and Type II support across the five trust services criteria. Continuous-monitoring evidence, auditor-friendly exports, framework crosswalk to ISO 27001.
Records of processing, lawful-basis tracking, data-subject-request workflow, sub-processor inventory, breach-notification timelines, DPA library.
Risk management, incident reporting, supply-chain due diligence, and the cybersecurity policy obligations under the NIS2 directive.
Risk-tier classification, conformity assessment, transparency obligations, post-market monitoring for AI systems under the EU AI Act.
The AI management system standard. Policy, risk, lifecycle controls, and evidence templates aligned to ISO/IEC 42001:2023.
BrickGRC layers over the document infrastructure you already run. Evidence, policies and audit artifacts can stay in your environment — no forced migration into a proprietary silo.
Native SharePoint Online storage backend. Documents, evidence and policies live in your existing SharePoint sites with the access controls you've already configured.
Azure Blob Storage as the document backend. Region selection and lifecycle policies remain under your control.
S3-compatible storage backend. Bring your own AWS account, KMS keys, and lifecycle rules.
Google Workspace Drive integration for teams already standardised on Google.
Dropbox Business backend, with shared-folder permissions inherited.
Self-hosted Nextcloud as a backend — for organisations that want EU-resident, customer-owned storage.
Provision users from your directory and sign in through your identity provider. No separate user management for compliance.
User and group sync via Microsoft Graph API. Conditional access and your existing role policies pass through.
Directory sync and SSO. Provision and de-provision compliance users alongside the rest of your stack.
Workspace directory sync with group-based role mapping.
Generic SAML support — works with any compliant identity provider (Ping, OneLogin, Auth0, JumpCloud, …).
Generic OpenID Connect support for modern identity providers.
BrickGRC's AI Coach runs against the LLM key you provide. Prompts and evidence go through your provider relationship, your data-isolation rules, and your billing — never shared between tenants, never marked up.
GPT-4 / GPT-4o family. Custom baseURL supported, so OpenAI-compatible gateways and Azure OpenAI deployments work too.
Claude Sonnet, Opus, Haiku families. Bring your Anthropic API key.
Gemini 2.5 Flash / Pro. Bring your Google AI Studio or Vertex AI key.
Command and Embed model families.
Mistral Large, Medium, Small. Open-weight models supported via Mistral's API.
Every change — who, what, when, before/after — is captured at field level for every entity. Immutable trail for the auditor and the regulator.
Integration credentials (storage backends, AI keys, identity providers) are encrypted before persistence. Operators cannot read them in cleartext.
Your AI prompts, evidence, and policies are scoped to your tenant. No cross-customer model training. No shared embedding indexes.
A 15-minute demo is the fastest way to see how the bricks combine for your stack — your frameworks, your storage, your identity provider, your AI keys.