Rapid7 Launches Cyber Governance, Risk, and Compliance (GRC) Early Access Program to Unify Security Data, Risk Context, and Compliance Workflows

New program delivers a preemptive, evidence-backed approach for reducing risk and continuously validating control effectiveness

BOSTON, May 12, 2026 (GLOBE NEWSWIRE) -- Rapid7, Inc. (NASDAQ: RPD), a global leader in AI-powered managed cybersecurity operations, announced early access to its Cyber Governance, Risk, and Compliance (GRC) program, designed to unify security operations with governance, risk, and compliance workflows. Built on the Rapid7 Command Platform, Cyber GRC uses real time exposure data as the operating foundation for both security and compliance; aligning controls, evidence, and risk decisions to live threats rather than static frameworks to help customers manage their GRC requirements.

Regulatory requirements are expanding across jurisdictions and frameworks, while cyber risk continues to scale in complexity. Most compliance processes remain point-in-time and disconnected from live security operations, reinforcing reactive models that lag behind how risk develops. Rapid7’s Cyber GRC program replaces reactive compliance with a unified model for risk and controls. By combining AI-driven third-party risk management with a live, threat-aware risk register, it integrates GRC into security operations to provide executives with transparent, data-backed visibility.

“Organizations invest heavily in security tools, but many are still left to determine how to validate control effectiveness and demonstrate compliance,” said Jon Schipp, Senior Director of Product Management at Rapid7. “Cyber GRC connects fragmented data across assets, exposures, and controls to the attack surface, giving teams a clear view of risk and enabling consistent, evidence-backed outcomes.”

Rapid7 is building an ecosystem of audit, assurance, and GRC partners on the Command Platform to support continuous assurance:

• HITRUST: Provides the industry’s most rigorous, certifiable assurance, enabling organizations to demonstrate proven, defensible security and risk management aligned to recognized standards and requirements.
• Insight Assurance: A trusted independent assessor, delivering rigorous, technology-enabled assessments across SOC 2, ISO 27001/42001, HITRUST, CMMC and other frameworks It is focused on validating control effectiveness for organizations looking to simplify compliance.
• 360 Advanced: Delivers integrated compliance solutions to a global client base across industries ranging from technology startups to Fortune 500 organizations, with cybersecurity and compliance offerings that include ISO 27001, FedRAMP, HITRUST, SOC, penetration testing, risk assessments, and more. 360 Advanced operates under an alternative practice structure in accordance with all applicable laws, regulations, standards, and codes of conduct of the AICPA.
  

In addition, Rapid7 is extending capabilities that support continuous control monitoring, evidence collection, and audit workflows, including:

• HITRUST e1, i1, and r2 Control Coverage: Continuously updated dashboards and queries monitor HITRUST controls, automate evidence collection, and detect control drift to support certification readiness.
• Audit-Ready User Access Exports: Self-service export provides a consolidated view of users, groups, roles, and access data to support access reviews and compliance audits.
• Unified Policy Bulk Export: Standardized bulk export consolidates agent and scan policy data into a single output to simplify policy reporting and support compliance workflows.
• VM Export MCP Server & Skill: Enables customers and agents to retrieve Rapid7 data for compliance, vulnerability management operations, and reporting in a highly efficient way.

“Organizations today are in a constant tug of war between regulatory requirements and daily security operations. With Rapid7 Cyber GRC, the Command Platform now provides a unified place where controls, vulnerability insights and audit details live together. The benefit to practitioners is a single place that not only implements controls but also helps prove them with examination readiness and defensible reporting, “ said Christopher Conklin, VP, Chief Information Security Officer, Chemung Canal Trust Company.

“Today’s organizations need a partner that brings together security operations, risk management, and governance into a cohesive strategy. This technology allows us to deliver on that vision,” said Mat Cornish, Managing Director, Longwall Security, Rapid7 EMEA Services Partner of the Year, 2026

The Cyber GRC Program is currently available for early access, with broader availability planned for later in 2026.

To learn more or to sign up for the program, visit http://www.rapid7.com/blog/post/cds-rapid7-cyber-grc-secops-compliance.

About Rapid7

Rapid7, Inc. (NASDAQ: RPD) is a global leader in AI-powered managed cybersecurity operations, trusted to advance organizations’ cyber resilience. Open and extensible, the Rapid7 Command Platform integrates security data, enriching it with AI, threat intelligence, and 25 years of expertise and innovation to reduce risk and disrupt attackers. As a recognized leader in preemptive managed detection and response (MDR), Rapid7 unifies exposure and detection to transform the cybersecurity operations of more than 11,500 customers worldwide. For more information, visit our website, check out our blog, or follow us on LinkedIn or X.

Rapid7 Media Relations
Alice Randall
Director, Global Communications
press@rapid7.com
(857) 216-7804

Rapid7 Investor Contact
Matt Wells
Vice President, Investor Relations
investors@rapid7.com
(617) 865-4277

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.