Platform

Clarity

Compliance, risk and third-party management in one portal

Clarity is the GRC platform behind Blackfoot's managed GRC subscriptions. It brings your compliance frameworks, risk register and supplier assurance into one portal — replacing the spreadsheets, shared drives and disconnected trackers that make governance harder than it needs to be. Requirements, controls, risks, evidence and tasks all live in one place, with clear ownership and a live view of where you actually stand.

On the compliance side, Clarity holds your frameworks — PCI DSS, ISO 27001, Cyber Essentials, NIST CSF, GDPR and custom control sets among them — with controls, assessments and evidence tracked year-round rather than assembled in a panic before each audit. For risk, it provides a living risk register with structured assessments, treatment plans, clear ownership and risks mapped to the controls that address them. For third-party risk, it issues supplier questionnaires automatically, captures responses and evidence, and presents risk ratings on supplier dashboards — so supplier assurance is a continuous process rather than a one-off check at onboarding. Documents and evidence attach directly to the controls, risks and treatment plans they support, and everything is exportable when an auditor, insurer or customer asks.

A GRC platform you never have to run yourself

Clarity comes as part of a managed service, not as a software licence. Blackfoot configures the platform around your frameworks, scoring approach and responsibilities, provides practical onboarding and ongoing how-to support, and keeps the programme moving with consultant-led reviews — so the portal stays a working system rather than a passive register. Task notifications and reminders keep recurring activity on track, dashboards give you live status at a glance, and the effort you would otherwise spend assembling evidence before an audit largely disappears, because the evidence was captured as the work was done. That is the difference between a portal you have to feed and a service that keeps itself current.

It is used day to day by compliance managers, risk owners and the people responsible for supplier assurance — and because client users are unlimited, control owners and task assignees across the business can work directly in the platform at no extra cost. Clarity underpins our Compliance as a Service, Risk Management as a Service and Third-Party Risk Management subscriptions, and the same portal serves all three, so your compliance status, risk picture and supplier assurance stay connected. Start with the service you need most and add the others without changing platform, process or supplier.

What it does

Compliance frameworks and controls

PCI DSS, ISO 27001, Cyber Essentials, NIST CSF, GDPR and custom control sets, with assessments and control tracking maintained year-round.

Evidence in one place

Attach evidence and documents to controls, risks and treatment plans as you go — dramatically reducing audit preparation effort and eliminating pre-assessment scrambles.

Risk register and treatment

Structured risk assessments, treatment planning, ownership assignment and risk-to-control mapping — a living register instead of a spreadsheet that ages between reviews.

Third-party risk management

Supplier questionnaires issued and captured automatically, with analyst risk ratings, response and evidence review, and supplier dashboards.

Unlimited client users

No per-seat licensing. Give every control owner, risk owner and task assignee direct access without watching a user count.

Dashboards and notifications

Live dashboards show compliance status, risk posture and supplier assurance at a glance, while task notifications and reminders keep recurring work on schedule.

Frequently asked questions

Straight answers to what prospective clients ask us most.

Do extra users cost more?

No. Clarity comes with unlimited client users as standard, so you can give control owners, risk owners and task assignees across the business direct access without per-seat charges.

Is Clarity a software licence we have to run ourselves?

No. Clarity is provided as part of Blackfoot's managed GRC services. We handle setup, framework configuration and control mapping, provide ongoing how-to support, and on managed tiers our consultants lead regular review sessions to keep your programme active.

Which frameworks does Clarity support?

PCI DSS (including all SAQ variants), ISO 27001, ISO 9001, ISO 42001, Cyber Essentials and Cyber Essentials Plus, NIST CSF and GDPR, alongside custom assessments and internal auditing. Additional and bespoke frameworks are also supported.

Can compliance, risk and supplier management run in the same portal?

Yes — that is the point of Clarity. All three of our managed GRC services run on the same platform, so your governance picture is joined up rather than split across tools. You can start with one service and add the others later without re-onboarding or migrating data.

See Clarity in action

Book a walkthrough with our team.