

Getting Compliance Done

You know your compliance needs, let us help you deliver






What is GRC Playbook®?

GRC Playbook is a fully functional, and highly affordable, governance, risk, and compliance assessment, testing, and reporting efficiency tool.

Written in the C Sharp programming language, the GRC Playbook software runs on top of Microsoft Excel®, one of the most widely used office programs in the world.

Use GRC Playbook to perform risk-based, scalable, and highly cost-effective assessments, and generate automated presentation-ready reporting, to satisfy regulatory and corporate-mandated requirements – from rapid Gap Analyses (SAQs) to full-scale regulatory and COSO-type Risk and Control Matrix (RCM) assessments.

Risk Registers, Heatmaps, Dashboards, Status, and Gap Summaries populate automatically as assessment data is entered into a Playbook, providing a rich and immediate one-click management reporting environment for individual assessments and, as appropriate, for aggregated and consolidated reporting globally.

GRC Playbook is an ideal in-house corporate compliance self-assessment (SAQ) efficiency tool.


We know the regulations

We have over 30 years of experience providing value-added GRC solutions to businesses worldwide


You know your business

You know your business’s changing compliance needs and the budgetary and regulatory challenges you face



We provide the templates

Our extensive and growing library of Playbook templates covers a broad range of legal and regulatory subject areas


You get the job done

Download a Playbook and confidently get your compliance-related mandates done, reviewed, and presented to your senior management and board


Based on Authoritative Sources



We ease the pain of your regulatory challenges by helping you to avoid:

Costly content preparation and validation, and the time-consuming development of presentation-ready reports and deliverables

Reputational damage from failed regulatory inspections

Adverse stakeholder actions resulting from the inability to demonstrate adequate compliance due diligence

Last-minute scrambles resulting from senior management and board-level requests for timely status reports on business-critical compliance issues


What is GRC Playbook® for Accounting and Advisory Firms?

Adoption of GRC Playbook® could not be easier

Nobody wants to re-invent the wheel – Playbooks are pre-populated, scalable, and can be put to use immediately on download

Playbooks leverage the familiar Excel interface – minimal learning curve and immediate confident productivity

Each Playbook is an editable fully loaded Excel® template derived from authoritative sources hyperlinked directly into the Playbook.

Unlikely to require IT review and approval like enterprise-level database solutions - Playbooks are familiar "Smart" Excel® templates.


How to grow your business with GRC Playbook®

How we support you

Pre Populated Templates

Each Playbook is a fully loaded Excel® template derived from authoritative sources hyperlinked directly into the Playbook.

Seamless Onboarding

We will work with you to ensure a seamless onboarding and get GRC Playbook working for you immediately.

Wraparound Support

We will be with you every step of the way, providing you with tailored service to support your compliance needs

Ongoing Updates

Updates and enhancements to the software and Playbooks will be provided regularly during your subscription period.


Some of Our Most Popular Playbooks

Internal Control over Financial Reporting (ICFR)

The Library of Core ICFR Playbooks addresses the following entity and transaction-level activities:

  • Baseline Controls in Small Entities
  • Entity Level Controls (Tone at the Top)
  • Financial Statement Close and Reporting
  • General Control Activities over Technology (ITGC)
  • Information Technology Application Controls (ITAC)
  • Systems Development Life Cycle (SDLC)
  • Purchases Cycle (Procure-to-Pay)
  • Revenue Cycle (Order-to-Cash)
  • Payroll Cycle
  • Inventory Cycle
  • Treasury and Investments Cycle
  • Commitment and Contingencies
  • Taxes, and
  • Shareholders' Equity

Information Technology (IT)

This Information Technology (IT) Library includes the following Playbooks:

  • General Control Activities over Technology (ITGC)
  • Information Technology Application Controls (ITAC)
  • System Development Life Cycle (SDLC)

The Cybersecurity Library includes the following Playbooks:

  • Cybersecurity Framework (NIST CSF) V1.1
  • Cybersecurity Framework (NIST CSF) V2.0 DRAFT
  • Ransomware Risk Management Framework (NIST)
  • Basic Ransomware Protection and Recovery (NIST_JCA)
  • Supply Chain Risk Management Baseline (NIST 800-53 Revision 5 and 800-53B)
  • Cybersecurity Maturity Model (CMMC 2.0) Level 1 Foundational
  • Cybersecurity Maturity Model (CMMC 2.0) Level 2 Advanced
  • Cybersecurity Assessment Tool (CAT) Inherent Risk Profile Worksheet (FFIEC)
  • Cybersecurity Assessment Tool (CAT) Baseline Assessment (FFIEC)
  • Cybersecurity Preparedness and Operational Resiliency (SEC/OCIE)
  • Cybersecurity (NYDFS NYCRR §500)
  • Standards for Safeguarding Customer Information (GLBA/FTC)

Anti-Money Laundering, Counter-Terrorist Financing, and Sanctions

The Anti-Money Laundering, Counter-Terrorist Financing, and Sanctions Library includes the following Playbooks:

  • Anti-Money Laundering and Counter-Terrorist Financing (FATF)
  • BSA/AML-CP: BSA/AML Compliance Program
  • BSA/AML-SARs: BSA/AML Suspicious Activity Reporting (SARs)
  • BSA/AML-CIP: BSA/AML Customer Identification Program (CIP)
  • BSA/AML-IS: BSA/AML Information Sharing
  • BSA/AML-OFAC: BSA/AML Office of Foreign Assets Control (OFAC)
  • BSA/AML Activity Monitoring and Filtering (NYDFS 23 NYCRR 504)
  • OFAC-SCP: OFAC Sanctions Compliance Program (SCP)

Privacy and Data Protection

This Privacy and Data Protection Regulation Library includes the following GDPR and CCPA Playbooks:

  • GDPR Controller
  • GDPR Processor
  • GDPR Information Security
  • GDPR Direct Marketing
  • GDPR Records Management
  • GDPR Data Sharing, and
  • GDPR CCTV Video Surveillance
  • California Consumer Privacy Act (CCPA)

Anti-Bribery and Corruption

This Anti-Bribery and Corruption Library includes the following Playbooks:

  • Foreign Corrupt Practices Act (FCPA)
  • Kleptocracy and Foreign Public Corruption (FinCEN), and
  • The UK Bribery Act 2010.

Growth, Profitability, and Business Development

The Growth, Profitability, and Business Development Library includes the following Playbooks:

  • Business Development Framework
  • Profitable Revenue Growth:
    • Acquiring New Customers
    • Retaining and Growing Existing Customers, and
    • Optimizing Pricing

Environmental, Social, and Governance (ESG)

This Environmental, Social, and Governance (ESG) Library includes the following Playbooks:

  • Environmental, Social, and Governance (ESG)
  • TCFD ESG Guidance
  • SEC Climate-Related Disclosure Guidance
  • ISS ESG Proxy Voting Guidelines

Corporate Compliance Program

The Corporate Compliance Program Playbook addresses the following:

  • Design
  • Adequately Resourced and Empowered to Function Effectively
  • Working in Practice

HIPAA Risk Assessment and Security Rule

The HIPAA Risk Assessment and Security Rule Assessment Playbook addresses the following HIPAA Security Rules:

  • F1 – Risk Assessment
  • F2 – Administrative Safeguards
  • F3 – Physical Safeguards
  • F4 – Technical Safeguards
  • F5 – Organizational Requirements
  • F6 – Policies, Procedures and Documentation Requirements

World-leading expert in Governance, Risk, and Compliance

Over 35 years of experience in solving your governance, risk, and compliance needs, condensed into one subscription.

  • Don’t reinvent the wheel
  • Wow your stakeholders
  • Keep your regulators happy

“We want to help you kick-start, and successfully deliver, your governance, risk management and compliance mandates and initiatives.”

Kevin M. Hyams CPA, FCA, CFE

One Affordable Subscription. 100+ Playbooks.

With one subscription, you'll gain access to all of our Playbooks.


Would you like to find out just how affordable and beneficial a GRC Playbook® subscription can be?

Everything you need, on a platform you already know.
