Control framework independent


Practical and modern design


Encryption, own subdomain, 2FA



YICE guides in the controls jungle

Import, create and combine your own control frameworks,
ISO, NEN, BIO, DNB, FedRAMP, EBA, NIST and many other


Always an accurate compliance insight, so you can manage and adjust where needed


See and manage only the topics that are relevant for you


Manage your risks based on inherent, actual and/or net risk levels


Work together

YICE is a GRC platform that boosts collaboration! Give access to your security officer, auditor, CEO, business managers, system administrator, risk manager and external supplier. Every YICE user will be provided with the access rights needed to see and do what is part of their work. Nothing more, nothing less.


Configure your own colours for risk levels, risk/control alert criteria, professional jargon for control maturity levels, logfile retention period, authorization roles and privileges, etc. YICE can be tuned to your specific demands, without the need to hire expensive consultants.


YICE doesn’t dictate but supports your PDCA cycle. Define your assets, risks, controls and objectives. Execute the risk treatment plan according to your own schedule and priorities. Have the 1st and/or 2nd line perform ‘control self assessments’ and have the 3rd line (audit) assess and record the effectiveness of controls with evidence. Immediately take appropriate action if there are any non-conformities. YICE guides you through clear overviews and intelligent risk-based monitoring and alerts. You can receive daily or weekly emails with topics that require your attention.

Document upload

Upload your own documentation, e.g. policies, processes and ISO certificates of your third-party suppliers. Documents can be linked, fully encrypted, to individual items. And if you are more reassured to keep certain information on your own environment, then simply refer with hyperlinks to your documentation on Confluence, Sharepoint, Wiki or network shares.

Test once, comply to many

In YICE you have various options for linking controls from different frameworks. For example, you can indicate that ‘making back-ups’ is an ISO 27001, GDPR and SOC2 control. In this way, the audit process can be carried out effectively and efficiently and you will be able to answer compliance related questions from regulators, your customers and other stakeholders.

Import and export

Import control frameworks, your risk register, assets, improvement actions, audit results, etc. In addition, you can download reports (pdf) in every module, and make exports (csv). This can be useful, for example, to enrich your data or import certain information into your datawarehouse.

Benefit from years of practical experience

YICE is built from practice and the daily challenges of specialists in several industries


Security comes first

To secure your information, is our first priority

ISO 27001 certified

This means that the information security management system of YICE B.V. demonstrably meets the strict requirements of ISO 27001. We believe this is not only important for our hosting provider and the data centers, but also for ourselves. The ISO 27001 certification makes a significant contribution to the professionalism of our services and to customer confidence in the information security of the GRC platform YICE.

Security and continuity features

  • Fully separated client environment (own subdomain: ####.yice.nl)
  • Secure connection (HTTPS with class-leading SSL-certificates)
  • Two factor authentication (app, sms or email)
  • Full database encryption
  • Exhausive logging on user activities
  • Role Based Access Control (RBAC)
  • Managed VPS (SaaS) at Dutch ISO 27001 certified hosting provider
  • Data in Dutch ISO 27001 certified datacenters (Tier3+)
  • Layered back-up strategy (VPS, subdomain, database and file)
  • Continuity of services (e.g. optional Escrow SaaS)
  • Exit protocol

Fully automated pentests. Reports with detailed findings
available for inspection on request.

And much more, like client defined time-out period and log-file retention period.

Transparant license model

Choose a license model based on your current needs. Easily upgradable with extra users, data storage and additional options.



3 users

100MB data storage

4hrs set-up support


25 users

2GB data storage

8hrs set-up support

Multi Tenant

50 users

5GB data storage

8hrs set-up support

Multiple administrations on one environment


Control frameworks