How much does GRC software cost?

Posted by Emily Hill on Tue, Oct 17, 2017

One of the very first questions potential customers ask is: how much does your GRC software cost? A number of factors go into how we price our software, so in this post we set out to give you a better idea of how our pricing model works. 

Cost of EQMS and GRC software


The project

Obviously, a straight-forward 1-module system in a small, new business, with few regulatory requirements will be more straightforward, and so it will cost less than one that extends across a global organisation with multiple sites which needs lots of ERP integrations, configuration and maybe even bespoke development. 

auditing 5.png

Want a GRC software cost? Use our 3 step price calculator here.

We work with lots of different-sized businesses who want to use our software for different ends, including:

  • Making their business more efficient.
  • Managing their certification to ISO standards. 
  • Making their processes more uniform and consistent, as their business grows. 
  • Becoming more transparent and allowing for better accountability. 
  • Process-based risk management. 
  • Integration with an ERP or Linux-compatible system.
  • A very specific system they want to optimise.

These objectives are very important, because although you may have a very large organisation you might only need our system to control a very simple business process. On the other hand, your business might be small but you need the system to be set up for all of your business processes.

When we first ask you about your objectives, we'll make sure you know what questions to ask. For example, if you want a business management system, do you want it to integrate with your existing ERP? If you're hoping to achieve certification to an ISO standard, is that for one site or for all of them?

We try to keep this process simple, but implementing any new system takes time, investment, commitment and energy. We want to make sure we ask the right questions so there are no surprises later on. 

GRC software cost

Cost overview

CSO Online reports the average cost of GRC software is somewhere between $200,000 - $600,000. Qualsys's software is a fraction of this cost.

Our pricing varies from around £10,000 to £60,000. Our software is an off-the-shelf solution, which means it needs a little configuration to make it work for your business and then you are good to go. This makes it a fast, easy way to implement a governance, risk and compliance management system which truly works.

Included in this cost:

  • Best-practice implementation
  • Support
  • Administrator training
  • A dedicated account manager who will mentor you and your team 
  • Support with engaging end-users
  • Customer success leadership videos
  • Hosting (if required)
  • User Group community


When it comes to pricing, although your objectives won't change the cost they will change which modules will suit you and who will need to access the system. For example, if you solely want to control documentation in one department, you'll probably only need our document control module. If you want an enterprise business management system, you'll likely need all of the modules. 

Most of our customers start with four or five modules and add more as their management system matures. All modules work well on their own or as one integrated solution. 

Free end-users

Licences work like fairground tickets. You tell us how many administrators you need on each module. All modules cost the same. The only variable is the number of administrator licences you need. 

An administrator is someone who manages the system. Typically, they will: 

  • Create and maintain users and groups.
  • Control access, viewing permissions and notifications.
  • Maintain any sort of record.
  • Decide how the system will be configured. 

You don't want to give this access to everyone. Usually, it's best to have a select few people, such as your QHSE team. Occassionally managers from other departments will be administrators. For example, you may want HR to manage and control training records. 

We offer free end-user licences. Why? Everyone across your business needs to play their part, be accountable and take ownership. We want to make quality, governance, risk and compliance management a natural part of your everyday business. 

Adding an individual licence is a pain-free, efficient and effective process. This makes it easy if: 

  • Someone new starts at your business
  • Suppliers need access
  • Customers want to see certain information


A day of training per module for administrators is standard. If you're implementing more modules, the cost of training increases. However, end-users don't usually need training as the system is very user-friendly, keeping the cost low and the roll-out process fast. Most of our customers get their administrators to train end-users and tell them why the system needs to be used. 


[Qualsys offers you one dashboard for everything]

Bespoke modifications to the software 

Many of our customers find the software already has all the functionality they could ever need. However, we do offer our customers the option to make bespoke changes to the system. This is usually when our customers have a very specific process they need to manage. Some modifications we'll make completely free of charge if we feel all our other customers will benefit. 

Extra services 

You may not have the resources to replace your legacy systems yourself. We offer a range of services which can help you get up and running more quickly. These services include data migration support, validation scripts and process reviews. 


Ready to see our GRC software in action? 

Schedule a discovery call to discuss your needsWe know what questions to ask.  We will talk you through our pricing and answer any of your questions. 

Schedule a GRC Software discovery call


Tags: GRC Dashboard

Paralysis by analysis: KPIs you should be focusing on – Global Quality Survey results (Part #3)

Posted by Jamie Rose on Wed, Apr 26, 2017

EQMS makes compiling reports much easier


Picture the scene.

Multiple spreadsheets open on your screen. Scribbled Post-Its – "non-conformity doubled", "increase in outdated documents" – stuck haphazardly around your desk. Piles of paper with last week's to-do lists. 

If this sounds familiar, you aren't alone! Over half of the quality professionals who responded to the Global Quality Survey 2017 said they spent at least a full week of every month compiling and producing reports.

While Big Data has created an explosion of opportunities for you to reinvent the role of quality, paralysis by analysis is slowly stealing your precious time and sanity. 

But it's difficult to avoid the overload. There's now so much data, it can be incredibly overwhelming. So where should you be focusing your efforts? 

Below, we have set out three essential key performance indicators and ways in which you can quickly get and measure this data. These metrics were recommended by 151 quality professionals in the Global Quality Survey 2017. You might also find the following articles useful:

3 tips for choosing KPIs

5 quality performance indicators you should be tracking


#1 – Customer complaints

It's more than 100 years since the catchphrase "The customer is always right" was popularised by retailers such as Harry Gordon Selfridge, but it's still an essential motto for every business, and the not-so-secret key to long-lasting success. 

Quality is driven by customer demand: a good and consistent product or service must be deemed a quality experience. That's why customer complaints come so high on the list of common KPIs: lots of complaints leads to a reduction in quality.

Customer complaints are a common KPI

Measuring customer complaints is complex and so is likely to be one of your most time-consuming tasks. Some factors you might encounter in your measurement include:

  • Number of complaints in a set time period
  • External factors to consider in the number of complaints (poor weather affecting delivery, for example)
  • Where the complaint originated (service, product, delivery, aftercare etc.) and the individuals linked to that complaint
  • How many complaints were solved immediately or had to be escalated
  • Time taken to resolve a complaint
  • Complaints dealt with outside internal SLA closing times
  • Type of action taken (refund, return, replacement, future discount etc.)
  • Result of corrective action (escalation, closure, customer NPS score).

#2 – Preparing for and reporting on audits

Audits are commonplace for any quality professional. But one problem they face all too often is the need to devote time to correcting potential non-conformities before their audits have even begun.

Those professionals who used systems such as EQMS Audit Manager spent considerably less time preparing for and reporting on audits. However, the principle remains the same: audits are crucial to ensuring continuous quality improvement.

"70% of those who responded to the survey agreed that 'being ready for external audits' is important or extremely important to their role and organisation."

Internal audits were found to be a key metric, whether carried out as standard for continuous quality, or before planned external audits to prevent non-conformities from being raised.

Quality professionals who used audit tools such as EQMS Audit Manager reported less stress on their workload overall, highlighting technology as essential to success in an integrated quality culture. Automated reports and on-the-go audit options reduced the time spent collating information and findings, and allowed internal auditors to carry out audits on-site without the need to duplicate any effort.

#3 – Reviewing, uploading and changing documents

Quality professionals who are, or want to become, ISO 9001:2015 certified highlighted the importance of reporting on document-related issues within their organisation.

Problems such as outstanding feedback and outdated documents affect quality at a broader level. Reporting on these problems helps you to find the sticking points in the feedback process, identify areas in which you can further streamline automated workflows, and highlight usage metrics the quality management system provides.

KPI dashboard

Organisations that are ISO 9001:2015 certified have found that, despite having a quality management system in place, the number of employees actually using that system can remain low (for example, managers with administrator capabilities leaving out-of-date documents on the site). 
This can lead to further problems (such as incorrect customer instructions being followed), resulting in a flawed product which does not meet requirements. The costs involved in rectifying such flaws are limitless, so by using documentation review as a KPI you will be able to stay ahead of potential problems.

What you should do now

For more information about the Global Quality Survey, download the report here. 

Or, for more information about using EQMS to bring together all your quality performance indicators, request a free demonstration here.

Request your EQMS Software demonstration


 Photo credit: Alamy

Tags: Quality Management Software, Audit Management Software, GRC Dashboard

ISO 9001:2015 – 3 tips for choosing KPIs

Posted by Emily Hill on Wed, Aug 24, 2016

ISO 9001:2015 requires you to determine, monitor and measure output. However, ISO 9001:2015 does not prescribe specific key performance indicators (KPIs) you must track. Neither does it prescribe how you should monitor or measure your quality management system, when to monitor or measure your quality management system, or how and when you should analyse and evaluate your key performance indicator data.

All of these decisions must be made by the organisation. Richard_Green-KPI for ISO 9001

So how do can you choose what KPIs to monitor? And how often should you track them? 

In this article, quality guru Richard Green, founder and MD of Kingsford Consultancy Services gives you three tips to choosing your key performance indicators. 


Wistia video thumbnail - How to Measure Quality Improvement

Thanks for reporting a problem. We'll attach technical data about this session to help us figure out the issue. Which of these best describes the problem?

Any other details or context?



1. Base Your KPIs on Your Quality Objectives  

KPI goal_setting-1.jpgYour quality objectives should be SMART, e.g. Specific, Measurable, Achievable, Realistic and Time-bound. Clause 9.1.3 'Analysis and Evaluation' requires the organisation to analyse and evaluate appropriate data and information that it has obtained either externally or internally for a variety of pre-defined purposed (e.g. linking back to your quality objectives).

It requires you to analyse data and information to evaluate: 

So, as a minimum, you should construct your quality management system key performance indicators which evidence the above.


2. You can choose both qualitative or quantitative Key Performance Indicators

KPI Net-Promoter-Score-Formula.jpgCalculate NPS

A principal change in ISO 9001:2015 is that you must determine the degree (i.e. how much) the customer perceives their needs and expectations have been met. So, how can you obtain and use customer satisfaction information? 

You can measure whether customer expectations have been met both quantitatively or qualitatively, for example:

  • Net Promoter Score (NPS) 
  • Satisfaction Benchmark Survey
  • Revenue driven by existing customers or customer retention analysis


  • Feedback forms 
  • Issue analysis / audit results 
  • Workshops with customers

Furthermore, clause 6.2 requires organisations to set quality objectives for relevant functions, levels and processes within its quality management system, so it may be that you use different types of feedback for different areas of your organisation.


3. Focus on trends over time 


ISO 9001:2008 required evaluation of trends in data or information relating to products and processes. ISO 9001:2015 extends this and explicitly requires top management to consider trends at management reviews. 

This means it is necessary to examine performance through time, not just a single point in time. Although the frequency will depend on the context of the organisation, for example, a consultancy firm will require a different number of KPI reviews than a medical device manufacturer, a system such as EQMS which gathers data from across your organisation and notifies relevant parties when there is something outstanding can help provide a robust, systematic and agile system. 

So, when determining how often you will review your outputs it is necessary to consider what is reasonable for the context of the organisation.


Successfully transitioning to ISO 9001:2015 requires robust, agile and flexible systems. EQMS software consolidates and integrates all of your quality management system initiatives across your organisation in a single solution. 

Learn more about EQMS. 

GRC Softwar datasheets


Image credits: 


Tags: ISO 9001:2015, GRC Dashboard

5 quality Key Performance Indicators you should be tracking

Posted by Emily Hill on Thu, Aug 18, 2016

As a quality professional, you must be the eyes and ears of senior management. But with so much data available at your fingertips, it can be difficult to decide what you should report on. 

When you are choosing which Key Performance Indicators (KPIs) to track, we believe it is always much more valuable to focus on the critical few, rather than the trivial many. But what are they? And what do they tell you about business performance? 

In this article, we have put together 5 essential KPIs you should be tracking and what they tell you about the health of your quality management system.

If we have missed any out which you believe are important, please let us know by leaving a comment at the bottom of this article. 

1) Documents: Notification response rate

All of your organisations' documented procedures for identifying, collecting, storing, maintaining and amending quality and technical records are essential for keeping a healthy quality management system. But how do you know whether these procedures and records are being followed by all employees? 


An essential KPI is whether employees have acknowledged document changes. 

In EQMS Document Manager, documents can be sent out to be acknowledged by different groups or individuals. Employees recieve notifications and must log in, read the updated documents and acknowledge that they understand the updated procedures.

The response rate to these notifications is then displayed on the EQMS Dashboard. From the Dashboard, you can then see a list of everyone who has not acknowledged the document. You can then give this list to your leadership team or follow up yourself. 


2) Audits: Findings closure performance 

During the EQMS Audit and Inspection Manager webinar, 58% of the quality professionals said that their main auditing challenge was following up recommendations and actions. So how can you make sure that issues identified in audits are actually being addressed? 








Another KPI which should be tracked is whether audit findings have been cleared or if they are still outstanding. 

In EQMS Audit and Inspection Manager, when an issue is found in an audit, a workflow is triggered and notifications are sent to the appropriate individuals. Employees then receive information about what they need to do and a target date. On the EQMS Dashboard, you can then see how many audit findings have been cleared, how many are still outstanding and whether they were actioned on time or not. 

If there are actions overdue, the list of who is not performing can be accessed from the dashboard and sent to the relevant people to ensure it gets actioned. 


3) Training: Overdue training requirements

Ensuring health and safety, product and quality training is up-to-date is essential for many regulatory requirements. Training days can be missed, re-scheduled or cancelled for a number of reasons. So how do measure if all employee training is current? 

quality KPIstraining_management quality KPIs

You should be able to track whether there is any overdue training. 

In EQMS Training Records Manager, the system keeps a record of all new, overdue and completed training, as well as those which have never been scheduled or were scheduled but then completed late. Employees receive a notification about upcoming training, then must give their feedback about the training. This is key for management to understand the status of training activity. 


4) Risk: Overdue risk assessments

Regulators are increasingly requiring Leadership to demonstrate that they are managing risk. There often needs to be documentation on risk appetite, how risk is being managed and the actions from risk assessments. So how can you demonstrate that risk is being effectively managed? 



One key risk indicator is the number of overdue risk assessments. If there are lots which should have been completed, but haven't been, it exposes the organisation to more risk. 

EQMS Risk Manager enables you to assess, address, analyse and assign responsibility for risks. All the data for approved, assessed, submitted, overdue and risks under assessment can be viewed from the EQMS Dashboard. This enables the leadership team to instantly view whether they are at risk or if risk is being managed appropriately throughout all levels of the organisation. 


5) Issues: Overdue issues

Raising and closing issues is important, but what about the time it takes to actually close the issues? If a customer is waiting longer than your procedures say they should be, then quality is failing. 


It is important to track the number of overdue issues. In EQMS Issue Manager, when an issue is logged, a deadline is set to say when it needs to be dealt with. All the data about the issue status is then aggregated into the EQMS Dashboard to demonstrate whether it is raised, closed, approved, on hold or under review. 

This KPI gives management a key indication into whether employees need better training in managing issues. 


For more information about managing KPIs in EQMS, please download the datasheets from our the EQMS Datasheet Library

GRC Softwar datasheets


Tags: GRC Dashboard