Mithaq GRC unifies governance, risk, and compliance with a workflow engine — bilingual, audit-ready, and built to help you meet your compliance framework requirements (SAMA, SOC 2, PDPL) from day one.
Scroll to move through Mithaq GRC — the screen follows along.
A live, single-pane view of your compliance posture — active risks, controls coverage, pending requests, and recent activity.
Identify, score, and track organizational risk with auto-calculated levels and a built-in workflow.
Map controls to frameworks and to the risks they mitigate. Risks auto-promote to Mitigated when coverage is in place.
Track SOC 2, ISO 27001, NIST CSF, GDPR, and your own custom frameworks side by side, with a live coverage view.
Department-keyed evidence storage with report exports and time-limited download links.
Two-step approval workflow with immutable attachments, audit-grade trails, and configurable approvers.
Server-enforced, append-only audit log of every meaningful action — exportable for auditors at any time.
Modules, one source of truth
Languages — native Arabic & RTL
Onboarding, start to finish
Actions logged & immutable
Native Arabic UI with full RTL support — not an afterthought translation. Every screen, every export, every audit row.
Frameworks and terminology built for KSA regulators and Saudi enterprise reality. SOC 2, ISO 27001, and PDPL coverage out of the box.
Row-level security, server-enforced audit trails, and immutable evidence — designed for regulator-grade scrutiny.
Request access — we'll get your organization onboarded within 1 week.