GRC Software for Compliance & Risk Management
Kadie is built to raise the bar without raising the barrier: a GRC workspace that gains features, integrations, and smarter AI UX on a constant release rhythm—for startups, mid-market, and enterprises that refuse to overpay for yesterday's stack.
Plan availability & modules
Kadie is modular GRC software: each plan unlocks a layer of capability—Basic for everyday governance, One for ISO 9001 quality management, and Pro for ISO 27001 information security. Higher tiers include everything below. Token packs, limits, and commercial details are on pricing.
Core GRC workspace
ISO 9001 quality management
ISO 27001 information security
| Module | What it does | Basic | One | Pro |
|---|---|---|---|---|
| Unified regulatory planning agenda—due tasks from all QMS/ISMS sources plus custom tenant reminders. | ✓ | ✓ | ✓ | |
|
Unified regulatory planning agenda—due tasks from all QMS/ISMS sources plus custom tenant reminders.
|
||||
| Inventory information and physical assets with classification types and shared resource lookups for governance. | ✓ | ✓ | ✓ | |
|
Inventory information and physical assets with classification types and shared resource lookups for governance.
|
||||
| Plan your internal audit program—schedule audits, define scope, and maintain the auditor pool. | ✓ | ✓ | ✓ | |
|
Plan your internal audit program—schedule audits, define scope, and maintain the auditor pool.
|
||||
| Map your organizational context with SWOT or PESTEL—internal and external factors that shape your management system. | ✓ | ✓ | ✓ | |
|
Map your organizational context with SWOT or PESTEL—internal and external factors that shape your management system.
|
||||
| Record and track audit findings—observations and recommendations—within each audit engagement. | ✓ | ✓ | ✓ | |
|
Record and track audit findings—observations and recommendations—within each audit engagement.
|
||||
| Capture and track improvement opportunities arising from any module or external source. | ✓ | ✓ | ✓ | |
|
Capture and track improvement opportunities arising from any module or external source.
|
||||
| Track key performance indicators and periodic measurements to monitor objective achievement and system performance. | ✓ | ✓ | ✓ | |
|
Track key performance indicators and periodic measurements to monitor objective achievement and system performance.
|
||||
| Maintain a legal and regulatory compliance register with typed requirements and detailed obligation tracking. | ✓ | ✓ | ✓ | |
|
Maintain a legal and regulatory compliance register with typed requirements and detailed obligation tracking.
|
||||
| Formal non-conformity management and corrective action tracking to close gaps from audits or other sources. | ✓ | ✓ | ✓ | |
|
Formal non-conformity management and corrective action tracking to close gaps from audits or other sources.
|
||||
| Model physical sites and organizational hierarchy—branches, positions, and reporting lines—for scope and role assignment. | ✓ | ✓ | ✓ | |
|
Model physical sites and organizational hierarchy—branches, positions, and reporting lines—for scope and role assignment.
|
||||
| Model business processes with hierarchical steps, inputs and outputs, and links to controlled procedures. | ✓ | ✓ | ✓ | |
|
Model business processes with hierarchical steps, inputs and outputs, and links to controlled procedures.
|
||||
| Clarify accountability with a responsibility matrix—Responsible, Accountable, Consulted, Informed—across process steps and positions. | ✓ | ✓ | ✓ | |
|
Clarify accountability with a responsibility matrix—Responsible, Accountable, Consulted, Informed—across process steps and positions.
|
||||
| Enterprise risk and opportunity management with treatment actions, safeguards, and configurable risk matrices. | ✓ | ✓ | ✓ | |
|
Enterprise risk and opportunity management with treatment actions, safeguards, and configurable risk matrices.
|
||||
| Identify interested parties and assess their needs, expectations, and influence on the organization. | ✓ | ✓ | ✓ | |
|
Identify interested parties and assess their needs, expectations, and influence on the organization.
|
||||
| Controlled change management with associated risk assessment for planned modifications. | — | ✓ | ✓ | |
|
Controlled change management with associated risk assessment for planned modifications.
|
||||
| Manage quality claims and customer or supplier statements that require formal handling. | — | ✓ | ✓ | |
|
Manage quality claims and customer or supplier statements that require formal handling.
|
||||
| Define competence frameworks and run periodic assessments of personnel against required skills. | — | ✓ | ✓ | |
|
Define competence frameworks and run periodic assessments of personnel against required skills.
|
||||
| Controlled document management for operational records and system-level manuals and policies. | — | ✓ | ✓ | |
|
Controlled document management for operational records and system-level manuals and policies.
|
||||
| Run periodic management review meetings with consolidated inputs from across the management system. | — | ✓ | ✓ | |
|
Run periodic management review meetings with consolidated inputs from across the management system.
|
||||
| Set quality and organizational objectives aligned with your management system strategy. | — | ✓ | ✓ | |
|
Set quality and organizational objectives aligned with your management system strategy.
|
||||
| Qualify suppliers and run periodic performance evaluations for your quality management system. | — | ✓ | ✓ | |
|
Qualify suppliers and run periodic performance evaluations for your quality management system.
|
||||
| Develop personnel through formal training and awareness activities—so people understand policies, roles, and system impact. | — | ✓ | ✓ | |
|
Develop personnel through formal training and awareness activities—so people understand policies, roles, and system impact.
|
||||
| ISO 27001 Annex A control catalog and Statement of Applicability—declare which controls apply and how they are implemented. | — | — | ✓ | |
|
ISO 27001 Annex A control catalog and Statement of Applicability—declare which controls apply and how they are implemented.
|
||||
| Record and track personnel disciplinary actions and security policy violations for HR and ISMS audit evidence. | — | — | ✓ | |
|
Record and track personnel disciplinary actions and security policy violations for HR and ISMS audit evidence.
|
||||
| ISMS secure data deletion and media disposal tracking—documenting what was erased, how, from which asset, and under whose approval. | — | — | ✓ | |
|
ISMS secure data deletion and media disposal tracking—documenting what was erased, how, from which asset, and under whose approval.
|
||||
| Register, investigate, and respond to security incidents aligned with ISO 27001 incident management. | — | — | ✓ | |
|
Register, investigate, and respond to security incidents aligned with ISO 27001 incident management.
|
||||
| Role-based access control mapping—document which positions have read or write access to which assets. | — | — | ✓ | |
|
Role-based access control mapping—document which positions have read or write access to which assets.
|
||||
AI drafting and summarization consumes tokens from balances your organization has active (plan entitlements and purchased packs—each with its own validity). See pricing for packs and terms.
Kadie-specific policies
Kadie Terms of Use
Product-level rules for Kadie: acceptable use of the app, accounts and roles, and responsibilities when operating your management system in Kadie.
AI Usage & Data Policy
How AI features work in Kadie, what tokens measure, and how prompts and outputs are handled in relation to your content.
General site terms and privacy still apply; these pages cover Kadie-specific and AI-specific commitments and are highlighted here for product visitors (they also appear where relevant in the site footer).