Unified GRC Platform

AMTIA GRC

Governance, Risk & Compliance

The next-generation GRC platform that unifies governance, risk management, regulatory compliance, and business continuity within a single console.

16+ frameworks, 500+ controls, native EBIOS RM

Eight integrated modules

Covering the entire GRC lifecycle, from risk identification to continuous compliance, including incident management and business continuity.

Compliance Management

Track your compliance across multiple frameworks simultaneously. The platform centralizes all your regulatory and standards-based obligations in a single location.

  • Simultaneous multi-framework tracking (ISO 27001, DNSSI v2, PCI DSS, GDPR, SOC 2, AI Act and more)
  • Automated gap analysis with non-compliance identification
  • Centralized compliance evidence collection and management
  • Complete audit trail with traceability for every change
  • Automatic cross-framework control mapping to eliminate duplication

Risk Management

Natively integrated EBIOS RM methodology for structured risk analysis compliant with ANSSI requirements. Systematically identify, assess, and treat your cyber risks.

  • Complete EBIOS RM methodology: 5 structured and guided workshops
  • Dynamic risk register with automated scoring
  • Interactive risk scenarios and threat mapping
  • Visual heat maps with likelihood and severity levels
  • Risk treatment plans and residual risk tracking

Audit Management

Plan, execute, and track your internal and external audits from a centralized interface. Manage the entire audit lifecycle, from annual programs to corrective actions.

  • Internal and external audit planning with integrated calendar
  • Annual audit programs with real-time progress tracking
  • Tracking of findings, non-conformities, and observations
  • Corrective and preventive actions (CAPA) with approval workflows
  • Evidence management with direct linkage to controls

Document Management

Centralize all your security policies, procedures, and documents. Manage the complete lifecycle of each document with rigorous version control.

  • Policy lifecycle management (creation, review, approval, publication)
  • Automatic version control and complete change history
  • Configurable multi-level approval workflows
  • Secure sharing and granular access control per document
  • Compliance template library and predefined models

Asset Management

Inventory and classify all your information assets. Understand dependencies and assess the business impact of each asset on your organization.

  • Comprehensive IT asset inventory (hardware, software, data, services)
  • Asset classification by confidentiality, integrity, and availability
  • Integrated Business Impact Analysis (BIA) for each critical asset
  • Visual asset mapping and interdependency charting
  • Dependency tracking and cascading impact analysis

Business Continuity

Ensure your organization's resilience in the face of crises. Manage your Business Continuity Plans (BCP) and Disaster Recovery Plans (DRP) with proven recovery strategies.

  • Complete BCP/DRP management with structured templates
  • Business Impact Analysis (BIA) with RTO/RPO per process
  • Detailed recovery strategies and contingency plans
  • Planning and tracking of continuity exercises and recovery tests

Incident Management

Detect, qualify, and handle security incidents with structured workflows aligned with NIST SP 800-61. From detection to closure, every step is tracked and documented.

  • Configurable and automated incident response workflows
  • Escalation matrix with automatic notifications based on severity
  • Structured post-incident review and lessons learned documentation
  • NIST SP 800-61 alignment: Preparation, Detection, Containment, Eradication, Recovery

Dashboards & Reporting

Visualize your GRC posture in real time with dynamic dashboards. Generate executive reports for leadership and detailed reports for operational teams.

  • Real-time compliance dashboards with visual indicators
  • Automated executive reports for C-suite and board of directors
  • Role-based customizable security KPIs and metrics
  • Trend analysis and historical security posture tracking
  • Custom reports with PDF, DOCX, and Excel export

16+ supported frameworks

A comprehensive catalog of international standards, European regulations, and national requirements, natively integrated and kept up to date.

🌐
ISO 27001:2022
International

Information Security Management System. Requirements and Annex A controls.

🌐
ISO 27002:2022
International

Best practice guidance for information security controls. 93 structured controls.

🇺🇸
NIST CSF 2.0
USA

NIST Cybersecurity Framework. Govern, Identify, Protect, Detect, Respond, Recover functions.

🇲🇦
DNSSI v2.0
Morocco - DGSSI

National Information Systems Security Directive. Mandatory requirements in Morocco.

💳
PCI DSS v4.0
PCI Council

Payment Card Industry Data Security Standard. 12 principal requirements.

🇪🇺
RGPD / GDPR
Europe

General Data Protection Regulation. Data subject rights and controller obligations.

🇺🇸
SOC 2 Type II
AICPA

Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.

🤖
EU AI Act
Europe

European regulation on artificial intelligence. Risk classification and category-based obligations.

🇫🇷
LPM
France - ANSSI

Military Programming Law. Security obligations for Operators of Vital Importance (OIV).

🇲🇦
Loi 05-20
Morocco

Moroccan cybersecurity law. Legal framework for information systems protection.

🎯
EBIOS RM
ANSSI - Risk

ANSSI risk analysis methodology. 5 workshops for a threat scenario-based approach.

🏭
IEC 62443
OT / ICS

Industrial control systems and SCADA security. Security levels and protection zones.

🇫🇷
RGS
France

General Security Framework. Security rules for French government agencies and public services.

🇪🇺
NIS2
Europe

European directive on network and information systems security. Extended obligations for essential entities.

🏦
DORA
Europe - Finance

Digital Operational Resilience Act. Digital resilience for the European financial sector.

🛡
CIS Controls
CIS - Best Practices

18 prioritized critical security controls. Defensive best practices for any organization.

Modern Architecture

A secure architecture designed to meet the requirements of the most demanding organizations in terms of security and performance.

Access Control (RBAC)

Granular role and permission management. Define access profiles by module, entity, and data sensitivity level.

Multi-tenant Architecture

Complete data isolation between organizations. Ideal for multi-entity groups and GRC consulting firms.

REST API Integration

Comprehensive and documented REST API for integration with your existing tools: SIEM, ITSM, CMDB, vulnerability scanners.

Real-time Notifications

Real-time alerts via email, in-app, and webhook. Stay informed about deadlines, status changes, and escalations.

AI Assistant (IMY)

Integrated artificial intelligence for gap analysis, documentation generation, and real-time contextual assistance.

Custom Frameworks

Create your own custom frameworks and controls. Import your internal policies and industry-specific requirements.

Evidence Automation

Automated compliance evidence collection via connectors. Reduce audit preparation time by 70%.

RACI Matrices

Clearly define responsibilities per process and control. Responsible, Accountable, Consulted, Informed for every action.

How it works

From onboarding to continuous compliance, AMTIA GRC supports you at every step of your governance journey.

1. Configuration

Select your frameworks, define your scope, and import your assets. The platform adapts to your context.

2. Assessment

Assess your current posture with AI-assisted gap analysis. Identify action priorities.

3. Remediation

Implement action plans, collect evidence, and track progress in real time.

4. Continuous Compliance

Maintain your compliance over time with continuous monitoring, alerts, and periodic reviews.

Ready to transform your GRC?

Join the organizations that trust AMTIA GRC to drive their governance, manage their risks, and ensure their compliance. Request a personalized demonstration and discover how our platform can accelerate your GRC journey.