Continuously Identify Your Most Likely Cyber Risks
Quantify their financial impact and implement controls, policies, and plans — all within Maple GRC. Built for organizations that need to achieve and maintain compliance certifications like CyberSecure Canada and ISO 27001.
Is Maple GRC for you?
Select your industry to see how Maple GRC helps organizations like yours achieve compliance and manage cyber risks.
Community Futures (CFDC)
Achieve CyberSecure Canada certification and manage cyber risks for your organization
Family Health Teams (FHT)
Protect patient data and achieve healthcare compliance standards
SaaS & Software Providers
Manage supply chain risk, prove data assurance, and achieve ISO 27001 & SOC 2
Managed IT Services
Build cyber security programs and offer services to your customers
Trusted by Leading Organizations Across Canada
Ontario CFDCs
Use Maple GRC
Certification Success
First audit to date
Free Trial
No credit card required
The CDA Framework: Continuous, Dynamic, Adaptive Cyber Security
Maple GRC follows the Continuous Dynamic Adaptive (CDA) cyber security framework to take you from understanding your organization's context to implementing industry-specific controls and maintaining continuous compliance.
Understand Organization Context
Maple GRC analyzes your organization's context: departments, job functions, software tools you use, and data flows. This foundation enables industry-specific risk modeling tailored to your exact environment.
Analyze Threat Intelligence
Live threat intelligence feeds show how adversaries attack organizations similar to yours. We filter attack scenarios, techniques, and tools relevant to your industry so you see real threats, not generic ones.
Map Controls & Mitigation
For each risk scenario, view the attack vector, techniques used, and both technical and people controls needed to mitigate and detect threats. Get step-by-step guidance for implementing controls across 100+ supported tools.
Implement Controls & Training
Deploy controls with detailed configuration steps for your specific tools. Generate modular policies and role-based training content so every job function understands their role in cyber defense.
Generate Policies & Plans
The platform auto-generates compliance policies, incident response plans, and business continuity plans — all tailored to the controls you've implemented and relevant to your industry standards.
Continuous Monitoring & Reporting
Continuously monitor compliance posture, track control implementation status, and generate real-time audit reports. Re-run analysis after implementing controls to measure risk reduction and financial impact.
See Maple GRC in Action
Watch a complete walkthrough of how Maple GRC guides you through CyberSecure Canada compliance
Automatic Audit & Continuous Reporting
Maple GRC continuously monitors your compliance posture, automatically tracks control implementation status, and generates real-time audit reports for CyberSecure Canada, ISO 27001, SOC 2, and NIST CSF standards.
Real-time Compliance Tracking
Monitor compliance status across all standards with live dashboards showing implementation progress, control status, and audit readiness.
Automated Evidence Collection
Upload supporting evidence files and let Maple GRC automatically link them to relevant controls and audit requirements.
One-Click Report Generation
Generate professional audit reports instantly. Export as PDF for internal reviews, external audits, or certification submissions.
CyberSecure Canada Audit
Track your compliance with the CyberSecure Canada standard. View implementation status for each control, upload evidence, and generate audit-ready reports with a single click.
- Real-time compliance progress tracking
- Evidence management and linking
- Export audit-ready reports


ISO 27001 Compliance Tracking
Monitor all 114 ISO 27001 controls with detailed requirement mapping, implementation guidance, and evidence tracking. Get instant visibility into compliance gaps and remediation priorities.
- All 114 ISO 27001 controls mapped
- Implementation status tracking
- Audit-ready compliance reports
Control Implementation Status
See at a glance which controls are Implemented, Partially Implemented, or Not Implemented. Prioritize remediation efforts based on audit requirements and compliance impact.
- Status badges for quick visibility
- Detailed implementation guidance
- Evidence linking for each control

Ready to automate your compliance audits and reporting?
Start Your Free Trial
Holistic Management of Cybersecurity and Privacy
Maple GRC offers a holistic solution for managing cybersecurity and privacy through a continuous, dynamic, adaptive framework. Everything is app-driven and tailored to your organization's unique context—not one-size-fits-all templates.
By breaking silos between governance, risk, and compliance, Maple GRC empowers your organization to manage cybersecurity as a continuous, evolving process that aligns with business objectives while maintaining compliance and protecting privacy.
Cyber Security and Privacy Governance
Strategic oversight and organizational alignment
Cyber Risk Strategy
Develop adaptable strategies to respond to evolving risks and align with business objectives.
Supply Chain Risk Management
Monitor and manage risks across vendor ecosystems and third-party partnerships.
Policy Management
Align organizational policies with compliance requirements dynamically and maintain consistency.
Oversight and Accountability
Ensure stakeholders remain informed and accountable through transparent reporting.
Closing the Business-Cyber Gap
Watch how Maple GRC governance starts with understanding your organization's context
Cyber Identification Features
Proactively assess and understand relevant cyber risks
Risk Scenarios and Assessments
Identify, analyze, and prioritize risks dynamically based on your organization's context.
Threat Intelligence and Vulnerability Management
Stay ahead with real-time threat intelligence feeds and scanner integrations.
Vendor Assessment
Evaluate and manage risks across third-party partnerships and supply chain.
Assets and Risks Identification
Comprehensive discovery and cataloging of organizational assets and associated risks.
Cyber Detection and Protection Features
Identify risks effectively and build strong defenses
Detection Guidelines
Establish adaptive rules for rapid identification of potential threats and anomalies.
Controls Management
Ensure cybersecurity controls dynamically adapt to risk and compliance needs.
Training and Awareness
Develop employee capabilities to maintain operational security and reduce human error.
Protection Controls and Playbooks
Implement and maintain protection controls with predefined playbooks for common scenarios.
Respond and Recover Features
Minimize damage and ensure business resilience
Incident Plans
Establish workflows to respond to incidents promptly and effectively.
Incident Reports
Analyze and document incidents to drive improvement and build organizational knowledge.
Business Continuity Plans
Minimize downtime and recover from disruptions swiftly with comprehensive recovery strategies.
Incident Response Management
Coordinate and manage incident response across all organizational functions.
Cyber Security Assessments
Simplify compliance while identifying gaps
Privacy Impact Assessments
Evaluate privacy risks and ensure compliance with data protection laws.
CyberSecure Canada Assessments
Prepare for CyberSecure Canada certification efficiently with guided assessments.
Security Assessments
Conduct detailed security evaluations to identify vulnerabilities and gaps.
CAIQv4 Assessments
Simplify assessments using Cloud Security Alliance's CAIQv4 framework.
Compliance Reports and Audit Support
Enable audit readiness and demonstrate compliance
ISO 27001 Audit Reports
Simplify ISO 27001 certification with detailed audit support and evidence collection.
CyberSecure Canada Audit Reports
Streamline the CyberSecure Canada certification process with comprehensive reporting.
SOC 2 Audit Reports
Ensure SOC 2 compliance with detailed reporting tools and control mapping.
Multi-Standard Compliance
Meet PCI DSS, NIST 800-53/800-218, HIPAA, PIPEDA, and Ontario FSRA requirements.
Dynamic and Adaptive Cybersecurity
Maple GRC is built to adapt to the unique needs of your organization. It enables stakeholders to achieve an informed sense of assurance, ensuring risks and controls remain in balance. Its dynamic framework integrates cybersecurity and privacy functions, ensuring they work cohesively to protect your data, maintain compliance, and support your business objectives.
Three Layers of Protection for Complete Coverage
Maple GRC addresses every dimension of cybersecurity — from technical configurations to organizational policies to people awareness — ensuring no gap in your defense.
Technical Controls
View configuration steps to check and implement each control. Maple GRC shows the exact settings to verify and apply across your infrastructure.
Organizational Controls
Policies and controls selected from either relevant risk scenarios identified through threat intelligence feeds, or from baseline security standards such as CyberSecure Canada and ISO 27001. Maple GRC automatically drafts modular policies tailored to your organization's decisions.
People Controls
Training content tailored to specific threats modeled against job functions, ensuring every team member knows how to recognize and respond to relevant risks.
See Each Control Layer in Action
Watch demonstrations of how Maple GRC implements technical, organizational, and people controls
Incident Response Plans
Because there is always a chance for each technical risk to succeed, Maple GRC provides a dedicated incident response plan for every risk scenario.
Business Continuity Plans
If an entire risk scenario materializes, a comprehensive business continuity plan ensures your organization can recover and maintain operations.
Baseline Standard Policies
For standards that require a specific list of controls regardless of risk posture, Maple GRC drafts policies to meet those baseline requirements.

Quantify Cyber Risk in Financial Terms
Stop guessing about cyber risk. Maple GRC uses real threat intelligence and statistical modeling to show you exactly how much each risk scenario would cost if it materializes — and whether your organization can absorb the impact.
Threat Intelligence
Live feeds of data and cyber threat intelligence compared against your organization's context to surface the most likely attack scenarios.
Financial Impact Modeling
Statistical models calculate the potential cost of each risk scenario and compare it to your organization's financial capacity for informed budgeting.
Attack Technique Mapping
Each risk scenario shows exactly how the attack works, the techniques used, and how it is modeled against your specific software and infrastructure.
Optimum Investment Guidance
Receive data-driven recommendations on the ideal cybersecurity spending to balance risk reduction with cost efficiency.
One Platform, Every Standard You Need
Because Maple GRC is built on NIST CSF 2.0 with ISO 27001 management workflows, all other standards and certifications become a reporting layer and feedback mechanism through internal and external auditing — not a separate implementation effort.
NIST CSF 2.0
Core Framework: The app's features are built on the NIST Cybersecurity Framework 2.0, providing a comprehensive approach to identifying, protecting, detecting, responding, and recovering from cyber threats.
ISO 27001
Management Workflow: The management workflow follows ISO 27001, the international standard for information security management systems (ISMS), ensuring a systematic approach to managing sensitive information.
CyberSecure Canada
Certification: Full support for the CyberSecure Canada certification program, helping Canadian small and medium-sized organizations implement baseline cybersecurity controls.
NIST 800-171
Compliance: Meet the requirements for protecting Controlled Unclassified Information (CUI) in non-federal systems, essential for organizations working with government contracts.
CPCSC
Certification: Support for the Canadian Program for Cyber Security Certification, the Government of Canada's initiative to strengthen the cyber security posture of its defense supply chain.
SOC 2
Reporting: Prepare for SOC 2 compliance with automated control mapping and evidence collection, demonstrating your organization's commitment to security, availability, and confidentiality.
Ontario FSRA
Regulatory: Compliance support for the Financial Services Regulatory Authority of Ontario requirements, ensuring financial service providers meet cybersecurity obligations.
And more standards and certifications are continuously being added as reporting layers.
Fully Self-Service with Intelligent Guidance
Maple GRC is designed to be fully self-service, with video and documentation at each step. When you need help, the AI assistant and live support are always available.

Video Walkthroughs
Step-by-step video guides at every stage of your GRC journey, from initial setup to advanced compliance reporting.
In-App Documentation
Comprehensive documentation embedded at each step, so you always know what to do next without leaving the platform.
AI Chat Assistant
Ask the Maple AI Assistant any question about your GRC program — from policy governance to risk assessments and compliance next steps.
Live Chat Support
When you need human expertise, connect with a live support agent directly within the platform for personalized guidance.
Research-Driven Cyber Risk Management
Maple GRC was developed to address the complex challenges organizations face in managing cybersecurity in today's dynamic digital environments.
Our Story
Maple GRC serves as a practical demonstration of the Continuous, Dynamic, and Adaptive (CDA) Cybersecurity Management Framework, a research-driven framework created to continuously balance cyber risks with appropriate controls.
This framework addresses key issues such as fragmented security controls, evolving threats, and the challenge of maintaining compliance with changing regulations—problems that traditional static approaches fail to solve.
Our aim is to enable organizations to move beyond static, one-size-fits-all cyber security management to a more fluid, responsive, and scalable strategy that evolves with the organization's needs and external threats.
Purpose
Maple GRC's purpose is to enable organizations to govern and manage cyber security risks more effectively by integrating continuous, dynamic, and adaptive processes into their governance, risk management, and compliance (GRC) efforts.
By ensuring real-time alignment between cyber security strategies and organizational needs, the platform addresses both operational security risks and compliance demands.
Mission
To enable organizations' stakeholders to establish and maintain an informed sense of assurance that their relevant cyber risks and controls are in balance.
Vision
A world where cyber security is an integrated, continuously evolving aspect of every organization's operations, leveraging scientific research to ensure adaptive responses to emerging threats.
Core Values
Research-Based Solutions
Our platform is grounded in rigorous academic research, developed as part of a doctoral research project. Every function within Maple GRC is designed to solve real-world cyber security management problems identified in research.
Adaptive Risk Management
We focus on helping organizations manage cyber security risks by adapting to both internal changes and external threats, ensuring security measures grow alongside the organization.
Transparency and Integrity
Maple GRC provides a clear, research-driven path to cyber security management, ensuring that security measures are both practical and aligned with organizational goals.
Research Foundation: MapleGRC is based on an innovative framework introduced in a doctoral dissertation by Yehia Ahmed at the University of Colorado Colorado Springs. This research was published in November 2024. For more information, contact us.
Experienced Leaders Driving Innovation
Our team combines decades of experience in cloud engineering, cybersecurity, product development, and business leadership.
Dr. Yehia (Ian) A.
Founder
Ian has 20 years of experience building and scaling technology organizations. He previously founded sustainable ventures, including a Cloud Value Added Reseller and an Accredited ISO Certification Body. Having witnessed the cyber challenges of thousands of customers firsthand, he was inspired to find new solutions through his doctoral research.
Credentials: Doctoral Degree in Cyber Security Management, Master's in Innovation Management, B.S. Electronics Engineering
Omar Khorshid
CTO
Omar has a decade of experience in Google Cloud engineering, data, AI, and architecture. This background provides him with firsthand expertise in scalable engineering, privacy by design, and site reliability (SRE) principles. At MapleGRC, he applies this deep technical experience to build and lead the technology team.
Credentials: PMP (Project Management Professional), Certified Google Cloud Architect, B.S. Electronics and Communication Engineering
Ala Morsy
Product Head
Ala has years of experience as a security engineer, assessing and managing IT environments for organizations of all sizes. This role gave her direct insight into countless data and security tools and the challenges users face. At MapleGRC, she channels this customer-centric experience to lead the product team.
Credentials: Security Engineering background, Customer-centric product leadership
Advisory Board
Samir ElBahaie
Angel Investor, Ex-Googler
Dr. Thomas Martin Key
Cyber Fellow, Professor
University of Colorado Colorado Springs
Dr. Matthew Metzger
Professor of Innovation and Entrepreneurship
University of Colorado Colorado Springs
Simple, Transparent Pricing
Choose the plan that fits your organization size. All plans include the full platform with all features and support. 25% discount for charities and non-profits.
Small organization
Up to 10
staff members
Medium organization
Up to 50
staff members
Growing organization
Up to 200
staff members
Large organization
Up to 500
staff members
Every Plan Includes Full Platform Access
Managed GRC Services Partners
While Maple GRC is intuitive and designed for self-service implementation, some organizations prefer hands-on support. Our certified Maple GRC partners provide comprehensive implementation and ongoing management services.
Cloudypedia
Managed GRC Services
Full-service managed GRC implementation and ongoing management for organizations across Canada.
Headquarters
Toronto, ON
Serving: Canada Wide
Address
60 Atlantic Ave #200, Toronto, ON M6K 0C4
General Data IT
Managed GRC Services
Expert GRC implementation and management services with deep cybersecurity expertise.
Headquarters
Saint John, NB
Serving: Canada Wide
Address
Brunswick Square Unit C4 & C5, 39 King Street, Saint John, NB E2L 4W3
Frequently Asked Questions
Everything you need to know about Maple GRC's cyber security and privacy governance, risk, and compliance platform.
Maple GRC's features are based on NIST CSF 2.0 with management workflow based on ISO 27001. It currently supports CyberSecure Canada, NIST 800-171, The Canadian Program for Cyber Security Certification (CPCSC), ISO 27001, Ontario FSRA, SOC 2, and more. Because of this unique approach, all other standards as well as certifications are a reporting layer and feedback mechanism through internal and external auditing.
Maple GRC automatically understands your organization's context, then compares it with a database and live feeds of data and cyber threat intelligence to surface the most likely risk scenarios. It shows exactly how each risk scenario works out and how it is modeled on your organization's software. Then, it runs a statistical model to show how much this scenario would cost if it materializes and compares that to your organization's financial capacity, supporting decisions on cyber budgeting.
Pricing is based on staff count: up to 10 people at $150/month, up to 50 staff at $300/month, up to 200 people at $600/month, and up to 500 people at $900/month. Each plan includes an implementation pack (4, 32, or 64 hours). A 25% discount is available for charities and non-profit organizations.
Yes, Maple GRC is fully self-service, with video and documentation at each step. There is also an AI chat assistant that users can ask for guidance on next steps, and live chat support is available if needed.
Maple GRC covers three types of controls: Technical controls with specific configuration steps to check and implement; Organizational controls with automatically drafted modular policies based on your risk decisions; and People controls including training content for specific threats modeled against job functions.
Yes. Because there is always a chance for each technical risk to succeed, Maple GRC provides an incident response plan for each risk scenario. If the entire risk materializes, there is also a comprehensive business continuity plan to ensure your organization can recover and maintain operations.
Absolutely. Maple GRC can be scoped to the entire organization or a specific department, such as the development department, if that is where you want to focus data protection. Pricing is based on the staff count within your chosen scope.
Maple GRC drafts unique modular policies based on your organization's decisions to mitigate specific risk scenarios. It also drafts policies for baseline standards that your organization might choose — standards that have a specific list of controls that must be implemented regardless of risk posture and decision.