AI-grounded risk register, obligations tracker, controls library, and document analysis — built for Australian operators. ISO 31000 + ISO 37301 methodology. TCFD- and ASX CGP-aligned. Hosted in Australia.
Operators juggle dozens of compliance obligations across Federal, State, and industry frameworks. Spreadsheets break. Things slip. Regulators notice.
Obligations in spreadsheets, risks in one system, controls in another. No single source of truth. Audit season is a scramble.
New legislation drops, amendments take effect, your register doesn't update. You find out from the regulator, not before.
Assembling ESG reports takes weeks. Data from five different systems, manual consolidation, no confidence in the numbers.
From risk identification to board reporting — VigilRisk replaces spreadsheets, fragmented tools, and guesswork.
ISO 31000-compliant risk management with likelihood/impact heatmap, E/S/G pillar views, and AI-powered document analysis that maps evidence to risks.
Track every compliance requirement from environmental approvals to NGER reporting. Assessment history, evidence linking, and compliance status dashboard.
Reusable ISO 31000 control templates (Preventive, Detective, Corrective) mapped to risks and obligations. Track effectiveness and testing dates.
Context-aware compliance assistant that knows your entire register. Ask about obligations, draft controls, check framework requirements — instant, accurate answers.
Structured risk workshops with AI-generated briefing packs, participant voting, decision tracking, and auto-generated minutes.
AI monitors legislative changes across Federal, State, and industry frameworks. Flags affected obligations for review before you hear from the regulator.
The platform ships with the publicly licensed Australian frameworks below pre-loaded. Bring your own additional PDFs and the AI generates obligations from them on import.
Pick the standards and legislation that apply — the platform ships with TCFD, ASX CGP, and NGER pre-loaded, and accepts your own PDFs to extend the corpus.
Ask VIGIL reads each framework and produces specific obligations with clause references and owners. You verify before publishing into your register.
Risks under ISO 31000 with E/S/G pillars, controls mapped to obligations, document evidence linked, workshops, regulatory change scanning. Export reports without the spreadsheet rebuild.
Two plans. Same feature surface — Operator+ adds room to grow on storage and AI usage. Prices in AUD, GST added at checkout.
Plans are managed in the platform admin and reflect here automatically.
The short version of what buyers ask before they sign up.
Spreadsheets and ad-hoc registers — risks, obligations, controls, evidence, and the audit trail behind them. The frameworks library, AskVigil RAG, and regulatory change scanning replace the manual cross-referencing work that usually sits with a single GRC lead.
Yes. The platform runs on Azure Container Apps in Australia East, with per-tenant Postgres flexible servers in the same region. Data residency is non-negotiable; we do not move tenant data offshore.
TCFD (Final Report 2017), ASX Corporate Governance Principles 4th Edition, and the NGER Act + Determination. You can add your own framework PDFs and the AI will generate obligations from them on import.
The risk register uses ISO 31000 likelihood × impact scoring with E/S/G pillars, mandatory control linkage, and an immutable hash-chained audit trail. Obligation tracking follows ISO 37301 methodology with evidence-based assessments. Both standards are methodology references — we do not redistribute the paywalled standards themselves.
Each plan includes a monthly AI token allowance (2M on Operator, 10M on Operator+). Tokens cover document analysis, AskVigil chat, and obligation generation. Usage is shown in-app and resets monthly. Exceeding the allowance triggers a soft warning rather than a hard block.
Each legal entity should run as its own VigilRisk tenant for clean data residency and audit boundaries. Operator+ adds a consolidated read-only view across related tenants — see the Group feature in /app/admin/group.
Microsoft Entra (Azure AD) SSO is included on every plan. Each tenant can scope sign-in to one or more email domains; new users are auto-created as Viewer on first sign-in. SAML / OIDC for non-Microsoft IdPs is on the roadmap.
Cancel at any time from Settings → Billing. Access continues to the end of the current billing period. After 30 days we hard-delete tenant data; you can request a JSON export before then.
Book a 15-minute demo and see how VigilRisk handles your compliance obligations end-to-end.