Built for Saudi enterprises

Compliance built for Saudi enterprises.

Mithaq GRC unifies governance, risk, and compliance with a workflow engine — bilingual, audit-ready, and built to help you meet your compliance framework requirements (SAMA, SOC 2, PDPL) from day one.

Scroll to explore
Inside the platform

Six modules. One screen at a time.

Scroll to move through Mithaq GRC — the screen follows along.

◇ GRC · RISK REGISTER
Risk Register
Identify, assess, and track organizational risks
Export
+ New Risk
Critical
7
Active critical risks
High
12
Active high risks
Overdue
3
Past target date
Due Soon
5
Due within 7 days
Risk Register41 total
Risk IDRisk NameCategoryLevelScoreStatus
R-104Critical20Open
R-098High16Open
R-087Moderate9Mitigated
R-071High12Accepted
R-063Low4Accepted
◇ GOVERNANCE
Controls
Track the safeguards that mitigate your risks
Export
+ Add Control
Effective
50
Working as designed
Needs Review
6
Awaiting next test
Deficient
2
Action required
Linked Frameworks
9
Mapped to frameworks
Control Library58 total
Control IDNameTypeStatusCoverage
C-01PreventiveEffective94%
C-02DetectiveEffective78%
C-03CorrectiveNeeds Review61%
C-04PreventiveEffective88%
C-05DetectiveDeficient35%
◇ COMPLIANCE
Frameworks
Track your compliance program against industry standards
Export
+ Add Framework
All Frameworks
9
Total tracked
High Coverage
4
≥ 80%
Partial Coverage
3
50–79%
Low Coverage
2
Below 50%
SOC 2 Type II
SOC 2
88%complete
18 controls · 2 open gaps
ISO/IEC 27001
ISO 27001
74%complete
24 controls · 5 open gaps
NIST CSF 2.0
NIST CSF
92%complete
21 controls · 1 open gap
Saudi PDPL
PDPL
67%complete
15 controls · 4 open gaps
◇ EVIDENCE
Documents
Organized evidence library by department
Upload Document
Total Documents
148
148 files
Storage Used
64 MB
Across 8 departments
Departments Covered
8 / 10
2 empty
Recent Uploads
12
12 in the last 7 days
Security
34 files · 12.4 MB
Information Technology
28 files · 9.1 MB
Finance
19 files · 6.8 MB
Legal & Compliance
22 files · 7.5 MB
Human Resources
16 files · 4.2 MB
Operations
11 files · 3.6 MB
◇ WORKFLOW
Requests
Route requests, track decisions, keep an auditable trail
+ New Request
Pending
5
Awaiting decision
Approved
23
Completed requests
Rejected
3
Rejected requests
Overdue
1
Overdue requests
PendingCompleted
WF-042Pending
Policy
WF-041Approved
Procedure
WF-039Approved
Policy
◇ LOG
Audit Trail
Immutable log of every action across your compliance program
Export
Activity LogFilter
TimestampActorActionTarget
10:42SAuto-Mitigated
10:28LApproved
09:55OCreated
09:30NUploaded
08:47FLinked
08:12LStatus Changed
◇ Dashboard · 26 May
Good morning, Layla.
Here's what's happening across your compliance posture today.
Active Risks
23
+ 5 pending review
Controls Coverage
86%
50 effective of 58
Pending Requests
5
5 awaiting review
Compliance Score
78%
Across 9 frameworks
Framework Coverage9 active
SOC 288%
ISO 2700174%
NIST CSF92%
Top Risksby score
R-104Critical20
R-098High16
R-071High12
Pending Requests5 requires action
WF-042Pending
WF-040Overdue
WF-037Pending
Recent Activitylive
10:42
10:28
09:55
09:30
01 / 07

Dashboard at a glance

A live, single-pane view of your compliance posture — active risks, controls coverage, pending requests, and recent activity.

02 / 07

Risk Register

Identify, score, and track organizational risk with auto-calculated levels and a built-in workflow.

03 / 07

Controls Library

Map controls to frameworks and to the risks they mitigate. Risks auto-promote to Mitigated when coverage is in place.

04 / 07

Compliance Frameworks

Track SOC 2, ISO 27001, NIST CSF, GDPR, and your own custom frameworks side by side, with a live coverage view.

05 / 07

Documents Library

Department-keyed evidence storage with report exports and time-limited download links.

06 / 07

Requests & Approvals

Two-step approval workflow with immutable attachments, audit-grade trails, and configurable approvers.

07 / 07

Audit Trail

Server-enforced, append-only audit log of every meaningful action — exportable for auditors at any time.

0

Modules, one source of truth

0

Languages — native Arabic & RTL

0 week

Onboarding, start to finish

0%

Actions logged & immutable

Why Saudi-first

Built for the way Saudi enterprises actually operate

Bilingual by design

Native Arabic UI with full RTL support — not an afterthought translation. Every screen, every export, every audit row.

Built to help you meet your frameworks (SAMA, SOC 2, PDPL)

Frameworks and terminology built for KSA regulators and Saudi enterprise reality. SOC 2, ISO 27001, and PDPL coverage out of the box.

Data stays under your control

Row-level security, server-enforced audit trails, and immutable evidence — designed for regulator-grade scrutiny.

Ready to bring your GRC under one roof?

Request access — we'll get your organization onboarded within 1 week.