What we're building for you
The CapGRC roadmap is driven by the real needs of our clients. Have a suggestion? Share it — the next features are the ones you request most.
Suggest a featureDelivered — 2024–2026
CapRISK — Risk management module
Centralized register, configurable risk matrix, treatment plans and indicators
CapCOM — Regulatory compliance module
Law 25, ISO 27001, PCI-DSS, GDPR, NIS2, DORA — multi-framework tracking
CapAUDIT — Internal audit module
Planning, work programs, audit assignments, exportable reports
CapPROSEC — Project security module
Law 25 PIA by design, project risk assessment, approval workflow
CapTRISK — Third-party risk module
Vendor inventory, automated questionnaires, scoring and due diligence
CapPGRC — GRC programs module
Strategic dashboards, maturity indicators, consolidated reports
CapPRP — Privacy officer obligations
PIAs, incident register, access requests, consents — Law 25, GDPR, PIPEDA
SSO / SAML 2.0
Azure AD, Okta and Google Workspace integration
Microsoft Teams and Slack integrations
Alert, deadline and reminder notifications
REST API v1
Secure programmatic access to GRC data
MFA and granular RBAC
Multi-factor authentication and role-based access control
Exclusive Canadian hosting
Redundant infrastructure, automatic backups, 99.9% availability
Bilingual FR/EN website
17 articles, 26-term glossary, ROI calculator, activation wizard, pricing
Q2–Q3 2027 — In development
Enhanced executive dashboard
Advanced visualizations for management and the board, with automatic PowerPoint export
Policy and document management
Publishing, versioning and read-acknowledgment tracking for security policies
Jira integration
Synchronization of action plans and audit findings with Jira tickets
Security incident module
Cyber incident management, Law 25 register, automatic notification to the OPC/CAI
SOC 2 Type II certification
Completion of the audit and publication of the certification report
Q4 2027 — Planned
Vendor portal
Dedicated space for vendors to respond to questionnaires directly in CapGRC
Azure DevOps integration
Synchronization of risks and action plans with DevOps pipelines
Customizable reports
Drag-and-drop report builder for GRC teams and management
ISO 27001 certification
Launch of the ISO 27001 certification program for the CapGRC platform
2028 and beyond — Vision
AI — Risk analysis
Automatic scoring and treatment suggestions based on organizational context
GRC as a Service (GRCaaS)
Managed offering for organizations without internal GRC resources
Framework marketplace
Community library of frameworks and templates contributed by users
ESG module
Extension of the GRC program to environmental, social and governance criteria
A feature missing from this roadmap?
Submit your suggestion — our product team reads all requests and incorporates them into quarterly planning.