Skip to content

GRC Software for Compliance & Risk Management

Kadie is built to raise the bar without raising the barrier: a GRC workspace that gains features, integrations, and smarter AI UX on a constant release rhythm—for startups, mid-market, and enterprises that refuse to overpay for yesterday's stack.

  • No credit card required
  • Cancel anytime
  • Built-in AI assistance (tokens by plan)

Plan availability & modules

Kadie is modular GRC software: each plan unlocks a layer of capability—Basic for everyday governance, One for ISO 9001 quality management, and Pro for ISO 27001 information security. Higher tiers include everything below. Token packs, limits, and commercial details are on pricing.

Compare plans
Kadie Basic
14 modules

Core GRC workspace

Kadie One
22 modules

ISO 9001 quality management

Kadie Pro
27 modules

ISO 27001 information security

Show modules for
Basic One Pro AI-assisted
Click any module row to expand key capabilities. Checkmarks show which Kadie plan includes it.
Module What it does BasicOnePro
Unified regulatory planning agenda—due tasks from all QMS/ISMS sources plus custom tenant reminders.

Unified regulatory planning agenda—due tasks from all QMS/ISMS sources plus custom tenant reminders.

  • Full agenda ordered by due date with dashboard slice
  • Custom regulatory planning tasks with recurrence
  • Aggregates due dates from audits, training, incidents, KPIs, and more
Inventory information and physical assets with classification types and shared resource lookups for governance.

Inventory information and physical assets with classification types and shared resource lookups for governance.

  • Asset register with dashboard counts and risk linkages
  • CIA valuation and bulk criticity recalculation on Pro
  • RBAC grant targets and cross-module resource catalog
Plan your internal audit program—schedule audits, define scope, and maintain the auditor pool.

Plan your internal audit program—schedule audits, define scope, and maintain the auditor pool.

  • Audit records and auditor pool management
  • Tenant-wide findings list across all audits
  • Dashboard counts and management-review audit summaries
Map your organizational context with SWOT or PESTEL—internal and external factors that shape your management system.

Map your organizational context with SWOT or PESTEL—internal and external factors that shape your management system.

  • Filter context elements by dimension and category
  • Tenant-configurable SWOT or PESTEL mode
  • Bulk category scaffolding and AI-assisted element drafting
  • Feeds management review with structured context summaries
Record and track audit findings—observations and recommendations—within each audit engagement.

Record and track audit findings—observations and recommendations—within each audit engagement.

  • Description, recommendation, and responsible assignee per finding
  • Status lifecycle: planned, ongoing, completed, discarded
  • Scoped under each audit record with actions taken
Capture and track improvement opportunities arising from any module or external source.

Capture and track improvement opportunities arising from any module or external source.

  • Origin module and origin-id filtering
  • Dashboard counts and management-review feed
  • Action Center integration for due follow-ups
Track key performance indicators and periodic measurements to monitor objective achievement and system performance.

Track key performance indicators and periodic measurements to monitor objective achievement and system performance.

  • Indicators optionally linked to QMS objectives
  • Time-series measures with dashboard counts
  • AI-generated indicator suggestions and management-review KPI feeds
Maintain a legal and regulatory compliance register with typed requirements and detailed obligation tracking.
Formal non-conformity management and corrective action tracking to close gaps from audits or other sources.

Formal non-conformity management and corrective action tracking to close gaps from audits or other sources.

  • AI-assisted root-cause suggestions per non-conformity
  • Nested corrective actions with status tracking
  • Management-review feed and Action Center due-date integration
Model physical sites and organizational hierarchy—branches, positions, and reporting lines—for scope and role assignment.

Model physical sites and organizational hierarchy—branches, positions, and reporting lines—for scope and role assignment.

  • Branch and office site registry
  • Supervisor hierarchy with visual graph export
  • Competence levels per position—anchors for RACI and access control
Model business processes with hierarchical steps, inputs and outputs, and links to controlled procedures.

Model business processes with hierarchical steps, inputs and outputs, and links to controlled procedures.

  • Category filtering and dashboard counts
  • Hierarchical process steps with inputs/outputs
  • Read-only links to controlled documents on ISO 9001 plans
Clarify accountability with a responsibility matrix—Responsible, Accountable, Consulted, Informed—across process steps and positions.

Clarify accountability with a responsibility matrix—Responsible, Accountable, Consulted, Informed—across process steps and positions.

  • Full RACI matrix across process steps and org-chart positions
  • R/A/C/I assignments for operational and audit governance
Enterprise risk and opportunity management with treatment actions, safeguards, and configurable risk matrices.

Enterprise risk and opportunity management with treatment actions, safeguards, and configurable risk matrices.

  • Risk register with history, acceptance, and dashboard panel
  • AI-generated risk suggestions and assisted treatment actions
  • ISO 27001 threat/vulnerability catalogs and opportunity evaluations on Pro
Identify interested parties and assess their needs, expectations, and influence on the organization.

Identify interested parties and assess their needs, expectations, and influence on the organization.

  • Stakeholder directory with per-party analysis
  • Influence, impact, and operational-needs tracking
  • Management-review feed and inputs for risk workflows
Controlled change management with associated risk assessment for planned modifications.

Controlled change management with associated risk assessment for planned modifications.

  • Change requests with full status lifecycle
  • Nested change-risk assessments per change
  • One-click copy of change risks into the main risk register
Manage quality claims and customer or supplier statements that require formal handling.

Manage quality claims and customer or supplier statements that require formal handling.

  • Status and due-date tracking per claim
  • Management-review feed
  • Action Center integration for follow-up deadlines
Define competence frameworks and run periodic assessments of personnel against required skills.

Define competence frameworks and run periodic assessments of personnel against required skills.

  • Latest competence assessment per user with job position
  • Manager subtree visibility; admin sees the full organization
  • Documented competence evidence linked to org-chart positions
Controlled document management for operational records and system-level manuals and policies.

Controlled document management for operational records and system-level manuals and policies.

  • Draft/publish workflow with full version history
  • DOCX upload-to-content and AI compose/edit jobs
  • CIA weighting and bulk recalculation on Pro; Teams webhook on publish
Run periodic management review meetings with consolidated inputs from across the management system.

Run periodic management review meetings with consolidated inputs from across the management system.

  • Structured review sessions with commentary items
  • Last-review lookup and peer-module agenda feeds
  • PDF export of completed reviews via Reporting
Set quality and organizational objectives aligned with your management system strategy.

Set quality and organizational objectives aligned with your management system strategy.

  • Measurable targets per objective
  • AI-assisted objective drafting
  • Downstream linkage to KPI indicators and management-review summaries
Qualify suppliers and run periodic performance evaluations for your quality management system.

Qualify suppliers and run periodic performance evaluations for your quality management system.

  • Supplier master data with nested evaluations
  • Tenant-configurable scoring scales
  • Dashboard counts and management-review performance feed
Develop personnel through formal training and awareness activities—so people understand policies, roles, and system impact.

Develop personnel through formal training and awareness activities—so people understand policies, roles, and system impact.

  • Training and awareness programs distinguished by type
  • Participant assignment and outcome scores per program
  • Action Center integration for scheduled program due dates
ISO 27001 Annex A control catalog and Statement of Applicability—declare which controls apply and how they are implemented.

ISO 27001 Annex A control catalog and Statement of Applicability—declare which controls apply and how they are implemented.

  • Read-only Annex A catalog with linked risks and documents
  • Dual SoA dashboard visualization
  • PDF SoA report export via Reporting
Record and track personnel disciplinary actions and security policy violations for HR and ISMS audit evidence.

Record and track personnel disciplinary actions and security policy violations for HR and ISMS audit evidence.

  • Events linked to a user and optionally to a security incident
  • Documents violations and actions taken
  • Audit-ready personnel security evidence
ISMS secure data deletion and media disposal tracking—documenting what was erased, how, from which asset, and under whose approval.

ISMS secure data deletion and media disposal tracking—documenting what was erased, how, from which asset, and under whose approval.

  • Required asset link with classified media types (devices, storage, removable, cloud, application data, appliances, physical)
  • Deletion methods (overwrite/clear, crypto purge, degaussing, physical destruction) and status workflow from planned through verified
  • Requester, responsible, and org-chart approver with dates, reason and evidence, plus auto-generated record codes from method, asset, and confidentiality level
Register, investigate, and respond to security incidents aligned with ISO 27001 incident management.

Register, investigate, and respond to security incidents aligned with ISO 27001 incident management.

  • Severity and status tracking per incident
  • AI-assisted root-cause, correction, and corrective-action suggestions
  • Teams webhook notifications and Action Center integration
Role-based access control mapping—document which positions have read or write access to which assets.

Role-based access control mapping—document which positions have read or write access to which assets.

  • RBAC matrix per org-chart position × asset pair
  • Grant levels: denied, read, or write
  • Audit-ready access control evidence tied to structure and inventory

AI drafting and summarization consumes tokens from balances your organization has active (plan entitlements and purchased packs—each with its own validity). See pricing for packs and terms.

Kadie-specific policies

Kadie Terms of Use

Product-level rules for Kadie: acceptable use of the app, accounts and roles, and responsibilities when operating your management system in Kadie.

Open Kadie Terms of Use

AI Usage & Data Policy

How AI features work in Kadie, what tokens measure, and how prompts and outputs are handled in relation to your content.

Open AI Usage & Data Policy

General site terms and privacy still apply; these pages cover Kadie-specific and AI-specific commitments and are highlighted here for product visitors (they also appear where relevant in the site footer).

Questions & answers

No. AI capabilities are part of Kadie. Your organization uses tokens from entitlements you have active—from your subscription where applicable, plus token packs you purchase. Tokens do not reset each billing cycle as a full new bucket. Each allocation is usable for its stated validity window; unused tokens expire at the end of that window. Optional packs add more capacity when you need it. When the balance runs low, AI-assisted actions pause until you add capacity. See pricing for packs and terms.

Tokens measure how much text the model processes: input you provide plus the reply. Short prompts and summaries use fewer tokens than long documents or multi-step drafts. Your organization draws down against token balances you hold (included with your plan where applicable, and/or from packs you buy). Those balances are not replenished automatically each billing month. Each entitlement is valid for a fixed period—unused tokens expire when that period ends. Administrators can monitor consumption so teams can pace high-volume workflows.

A token is roughly a small chunk of text (similar in size to part of a word), including punctuation. A short paragraph might be a few dozen tokens; a full policy draft can be thousands. How many you need depends on how often you use AI for drafting, summarization, and similar tasks. Your workspace shows remaining balance so you can align usage with your plan.