One connected GRC system
Depth for the team, Simplicity for everyone
Govern strategy and policies, manage the full risk lifecycle, and demonstrate compliance in one system. The GRC team works in Org View. Everyone else completes their assigned actions in Employee View.
AI drafts and recommends. Your team reviews and decides.
Two experiences, One connected GRC system
Specialist depth for the GRC team. Simple participation for everyone else.
Each audience gets a purpose-built experience in the same system, and every request, response, review, and decision returns to one auditable workflow.
Governance, from strategy to policy acknowledgment
Plan the roadmap, author and co-edit policies, publish approved versions, and prove acknowledgment without leaving HAKTIV.
A live operating workspace, not a folder of uploaded documents, author, co-edit, version, publish, and tie every acknowledgment to the exact version received.
Your methodology, One risk lifecycle
Define the scoring model, collect input across the organization, assess and approve risks, and track treatment and evidence in one system.
Build the methodology, fields, values, formulas, ranges. Collect input through Employee View, assess with reviewer-controlled AI recommendations, route for approval, and track treatment and evidence in one register.
AI recommends. You decide.
One control Multiple frameworks
Map overlapping requirements to shared controls and reuse controls and evidence wherever they apply.
The Unified Control Library keeps a shared control's evidence, tasks, and status connected across the frameworks it is mapped to update once, reflected wherever it applies.
One access-control evidence package can support NCA ECC, SAMA CSF, ISO/IEC 27001, and PCI DSS where the mappings apply.
Evidence collected from its owners
reviewed in one place
Evidence requests go to the control owners who hold the proof. Owners upload and submit through Employee View, and the GRC team reviews it in Org View. Every file is versioned and moves through a clear lifecycle, with the same audit trail as the rest of the platform.
Leadership sees the posture
The GRC team keeps the detail
An executive overview shows strategy and initiative progress, risk posture, compliance progress, and policy status. Beneath it, every state change is logged with the actor, the timestamp, and what changed, so the GRC team retains the full history behind any number, and an assessment or audit has a trail to follow.
Isolated for every entity, Accessible through one authorized root account
A holding company and its subsidiaries run as linked organizations. Each subsidiary gets its own isolated portal, with its own views, progress, and data, walled to itself. A root administrator has permission to switch between child and parent organizations from one authorized account.
Who it is for: holding groups and authorities with subsidiaries that need each entity separated, with one administrator scoped across the group.
AI drafts and recommends
Your team reviews and decides
AI assists across the platform: drafting risk questionnaires, recommending assessments and surfacing potential risks and gaps, generating tasks and subtasks, and summarizing policies. A framework-scoped assistant answers questions within the framework you are working in.
Responsible owners review, edit, approve, or reject each output, so accountability stays with your team.
Deploy your way
Data stays in the Kingdom
Run HAKTIV as SaaS, a dedicated tenant, or on-premises. For cloud deployments, customer and compliance data is hosted, stored, and processed in the Google Cloud Dammam region, with no processing or transfer outside the Kingdom of Saudi Arabia.
See the whole GRC program working in one demo
Book a 30-minute walkthrough across Org View and Employee View. We will show governance, risk, compliance, evidence, and the frameworks relevant to your organization.