Maple GRC -- Continuous, Dynamic, Adaptive Cyber Governance, Risk and Compliance Management
Quantify their financial impact and implement controls, policies, and plans — all within Maple GRC. Achieve and maintain compliance for CyberSecure Canada, ISO 27001, and CMMC/CPCSC.
The CDA Framework: Continuous, Dynamic, Adaptive Cyber Security
Maple GRC follows the Continuous Dynamic Adaptive (CDA) cyber security framework to take you from understanding your organization's context to implementing industry-specific controls and maintaining continuous compliance.
Understand Organization Context
Maple GRC analyzes your organization's context: departments, job functions, software tools you use, and data flows. This foundation enables industry-specific risk modeling tailored to your exact environment.
Analyze Threat Intelligence
Live threat intelligence feeds show how adversaries attack organizations similar to yours. We filter attack scenarios, techniques, and tools relevant to your industry so you see real threats, not generic ones.
Map Controls & Mitigation
For each risk scenario, view the attack vector, techniques used, and both technical and people controls needed to mitigate and detect threats. Get step-by-step guidance for implementing controls across 100+ supported tools.
Implement Controls & Training
Deploy controls with detailed configuration steps for your specific tools. Generate modular policies and role-based training content so every job function understands their role in cyber defense.
Generate Policies & Plans
The platform auto-generates compliance policies, incident response plans, and business continuity plans — all tailored to the controls you've implemented and relevant to your industry standards.
Continuous Monitoring & Reporting
Continuously monitor compliance posture, track control implementation status, and generate real-time audit reports. Re-run analysis after implementing controls to measure risk reduction and financial impact.
See Maple GRC in Action
Watch a complete walkthrough of how Maple GRC guides you through CyberSecure Canada compliance
Three Frameworks, One Platform
Maple GRC supports CyberSecure Canada, ISO 27001, and CMMC/CPCSC. Built on NIST CSF 2.0, all frameworks share the same control implementation workflow.
CyberSecure Canada
Help Canadian SMBs implement baseline cybersecurity controls and achieve CyberSecure Canada certification.
What's Included
Baseline security controls for SMBs
Risk assessment and quantification
Control implementation guidance
Compliance documentation
Audit readiness preparation
Learn CyberSecure Canada Implementation
Watch our complete 8-video walkthrough series showing step-by-step how to implement CyberSecure Canada using Maple GRC. Each video is 10 minutes or less.
Videos
Each
No CC
ISO 27001
Implement the international standard for information security management systems (ISMS) with systematic control management.
What's Included
ISMS framework implementation
Control selection and mapping
Risk management workflow
Policy and procedure generation
Certification audit support
Ready to Get Started?
Start your free 14-day trial and see how Maple GRC can help you implement ISO 27001 compliance.
Start Your Free TrialCMMC / CPCSC
Meet CMMC requirements for US defense contractors and CPCSC for Canadian government supply chain security.
What's Included
CMMC level assessment
CPCSC compliance mapping
Government contract requirements
Supply chain security controls
Audit and certification readiness
Ready to Get Started?
Start your free 14-day trial and see how Maple GRC can help you implement CMMC / CPCSC compliance.
Start Your Free TrialSimple, Transparent Pricing
Choose the plan that fits your organization size. All plans include the full platform with all features and support. 25% discount for charities and non-profits.
Small organization
Up to 10
staff members
Medium organization
Up to 50
staff members
Growing organization
Up to 200
staff members
Large organization
Up to 500
staff members
Every Plan Includes Full Platform Access
Frequently Asked Questions
Everything you need to know about Maple GRC's cyber security and privacy governance, risk, and compliance platform.
Maple GRC's features are based on NIST CSF 2.0 with management workflow based on ISO 27001. It currently supports CyberSecure Canada, NIST 800-171, The Canadian Program for Cyber Security Certification (CPCSC), ISO 27001, Ontario FSRA, SOC 2, and more. Because of this unique approach, all other standards as well as certifications are a reporting layer and feedback mechanism through internal and external auditing.
Maple GRC automatically understands your organization's context, then compares it with a database and live feeds of data and cyber threat intelligence to surface the most likely risk scenarios. It shows exactly how each risk scenario works out and how it is modeled on your organization's software. Then, it runs a statistical model to show how much this scenario would cost if it materializes and compares that to your organization's financial capacity, supporting decisions on cyber budgeting.
Pricing is based on staff count: up to 10 people at $150/month, up to 50 staff at $300/month, up to 200 people at $600/month, and up to 500 people at $900/month. Each plan includes an implementation pack (4, 32, or 64 hours). A 25% discount is available for charities and non-profit organizations.
Yes, Maple GRC is fully self-service with video and documentation at each step. There is also an AI chat assistant that users can ask questions for guidance on next steps, and there is an option for live chat support if needed.
Maple GRC covers three types of controls: Technical controls with specific configuration steps to check and implement; Organizational controls with automatically drafted modular policies based on your risk decisions; and People controls including training content for specific threats modeled against job functions.
Yes. Because there is always a chance for each technical risk to succeed, Maple GRC provides an incident response plan for each risk scenario. If the entire risk materializes, there is also a comprehensive business continuity plan to ensure your organization can recover and maintain operations.
Absolutely. Maple GRC can be scoped to the entire organization or a specific department, such as the development department, if that is where you want to focus data protection. Pricing is based on the staff count within your chosen scope.
Maple GRC drafts unique modular policies based on your organization's decisions to mitigate specific risk scenarios. It also drafts policies for baseline standards that your organization might choose — standards that have a specific list of controls that must be implemented regardless of risk posture and decision.