Swiss GRC Toolbox

Swiss GRC Toolbox is a centralized modular GRC platform enabling organizations to deploy specific modules individually and scale as needs evolve, covering risk management, compliance, information security (ISMS), data protection, business continuity (BCM), audit, and contract management. In 2025, Swiss GRC launched the AI GRC Module to help organizations navigate AI regulations including the EU AI Act, providing structured AI risk assessment, compliance management, and governance frameworks with automated workflows for transparency, security, and ethical oversight of AI systems.

The platform is built on configuration-driven customization without third-party acquisitions, offering Swiss-hosted data sovereignty with local data hosting options meeting stringent GDPR and Swiss data protection requirements. Technical capabilities include seamless module integration, role-based access controls, multilingual interfaces (supporting DACH, MEA, APAC regions), automated compliance tracking, real-time reporting and analytics, policy and contract lifecycle management, and support for frameworks including ISO 31000, COSO, DORA, NIS2, GDPR, and Swiss FINMA regulations.

Founded in 2016 by Besfort Kuqi and headquartered in Lucerne, Switzerland, Swiss GRC holds triple ISO certification (ISO 27001 for information security, ISO 27017 for cloud security, ISO 27701 for privacy management) and was named a Leader in the 2025 SPARK Matrix for GRC Platforms by QKS Group. The company serves insurance companies, banks, financial services, public institutions, automotive, energy, healthcare, and manufacturing sectors across DACH, MEA, and APAC regions, with notable customers including Baloise insurance and operates under the principle "Global Reach, Local Excellence" with 50+ employees.