Rapid7 reveals cyber GRC programme

Rapid7 has announced early access to its Cyber Governance, Risk, and Compliance (GRC) programme. The initiative is designed to connect security operations with governance, risk management, and compliance workflows, using real-time exposure data. The framework is intended to support a more integrated approach to risk management compared with traditional models.

Governments are increasing regulatory requirements while cyber threats continue to evolve in complexity. Traditional compliance approaches are often separate from day-to-day security operations, which can result in delayed or reactive processes. Rapid7’s Cyber GRC programme is positioned to address this separation by combining risk and control management within a more unified workflow.

According to Rapid7, many organisations invest in security tools but may lack consistent ways to assess the effectiveness of those controls. The Cyber GRC programme is designed to connect data from multiple assets and exposures to provide a broader view of risk, supporting decision-making based on available evidence.

The Rapid7 Command Platform is building an ecosystem of audit and GRC partners, including:

• HITRUST: Provides certification standards and frameworks to support risk management and security compliance.
• Insight Assurance: Delivers assessments across multiple compliance frameworks using technology-enabled processes.
• 360 Advanced: Offers compliance services across different industries, including both smaller organisations and larger enterprises.

The platform also includes capabilities aimed at supporting control monitoring, evidence collection, and audit workflows, such as:

• HITRUST Control Monitoring: Provides near real-time visibility into control performance and potential drift.
• User Access Audit Exports: Supports user access reviews for compliance purposes.
• Policy Bulk Export: Enables standardised export of policy data for reporting.
• VM Export Capability: Supports data export for vulnerability management and compliance use cases.

In the context of increasing regulatory and operational complexity, the Cyber GRC platform is intended to provide a consolidated environment for managing risk and supporting audit readiness. Wider availability of the programme is expected later in 2026.