A community driven GRC solution that doesn't break the bank

Trusted by a community of thousands for over a decade, eramba is simple, affordable, open software for Governance, Risk, and Compliance


Been there - done that


We are allergic to complicated, expensive, professional support dependent GRC tools

A decade ago, a community of CISOs built a simple tool that would get the job done: build a Risk Framework, certify PCI-DSS, achieve a SOC2 Report, etc.

Built by a small team, used by a community of thousands

The real fuel that keeps eramba running and improving is its global community of users that leverage our simple and open code, documentation, forum, release planning and business model.

Eramba Community


Simple, Open, Free and Perfectly Functional

Our open and free, well-proven GRC software has helped a huge number of organizations around the world to certify Standards, build Risk frameworks, trace Incidents, manage Projects, etc. For free, without user or data limitations. Without ties.

Eramba Enterprise


A flat fee yearly subscription that has no user or data limitation, includes support and all features.

The experience of running our Community Software for over a decade helped us build our Enterprise Software, which includes unlimited Email Support, additional Features and regular Updates. Our ridiculously simple business model and affordable pricing are exclusively aimed at financing this project.


2500€ / license

GRC Templates


Don’t waste time and money. Get started with our GRC templates.

Our community-driven repository of GRC templates is open and free for everyone, whether or not you use eramba. Paying for templates is ridiculous if you consider the amount of brain power the GRC community has. Compliance, Internal Controls, Policies, Mappings, Questionnaires, etc.


It ain’t no bullsheet.

Eramba offers you all the features a typical CISO needs in one package - no more spreadsheets.

Why Eramba



The product and the community are the priority of this project; the business is there just to cover the yearly project costs.



Most of our customers do not engage professional services because our tool is simple to use and our documentation is open.



Because GRC is not rocket science, there is no point in paying insane amounts of money for it. Don't be fooled!


Does the Job

For over a decade, thousands of people have used eramba for ISO, PCI, SOC2 Reports, Risk Frameworks, etc. It is ultra-proven.

Join the community

Let's Talk

Look at our FAQ and Documentation, and if you feel this is for you, just contact us.


Just Start

Either with our free Community or ultra-affordable Enterprise - just get started and support this project.
