Submarine

Compliance you can prove — across every framework.

Submarine is the governance, risk & compliance platform for insurers and brokers in the UAE, Saudi Arabia and the wider GCC. Maintain one control set, satisfy many frameworks, and stay audit-ready continuously.

Sign inTalk to sales
app.grcsubmarine.com/

Control coverage

78%

Open risks

12

Frameworks

5

Coverage by framework

ISO 2700182%
NCA ECC-264%
EU AI Act90%
Audit-readyupdated 2026-06-16 09:12 UTC

Frameworks

Regional & international, out of the box

NCA ECC-2:2024

Saudi Arabia · NCA

SAMA CSF

Saudi Arabia · SAMA

OTCC

Saudi Arabia · NCA

ADHICS v2

Abu Dhabi · DoH

UAE IA

UAE · TDRA

CBUAE Rulebook

UAE · Central Bank

DHA NABIDH

Dubai · DHA

ISO/IEC 27001

International

NIST CSF

International · NIST

NIST 800-53

International · NIST

EU AI Act

European Union

Saudi PDPL

Saudi Arabia · Data protection

For the C-suite

Your whole compliance posture, on one board-ready screen

CEOs, COOs and CROs open Submarine to a live dashboard — control coverage, open risk, and framework readiness — without waiting on a spreadsheet refresh.

  • Real-time coverage & risk metrics
  • Per-role, configurable dashboards
  • Evidence the board and regulators trust
app.grcsubmarine.com/

Control coverage

78%

Open risks

12

Frameworks

5

Coverage by framework

ISO 2700182%
NCA ECC-264%
EU AI Act90%
Audit-readyupdated 2026-06-16 09:12 UTC

For risk managers

A risk register that scores, ranks and links to controls

Run a 5×5 register with a configurable scoring formula, AI residual-risk assessments, and third-party risk — every risk tied to the controls that mitigate it.

  • 5×5 likelihood × impact heatmap
  • AI residual-risk assessments
  • Vendor / third-party risk (TPRM)
app.grcsubmarine.com/risks
IDRiskLevel
RSK-001Cloud misconfigurationHigh 15
RSK-002Key vendor outageMedium 9
RSK-003AI model biasHigh 12
RSK-004Phishing / BECMedium 6

Heatmap

impact × likelihood

For compliance & security

Define a control once, satisfy every framework

Map a single common control set across NCA ECC, ISO 27001, NIST CSF, the EU AI Act and more. Test once, comply many — with evidence and findings tracked in place.

  • One control graph across frameworks
  • Evidence & control testing
  • Findings & remediation workflow
app.grcsubmarine.com/controls/AC-2

AC-2

Account management

Implemented

Satisfies — one control, four frameworks

ISO 27001 · A.9.2NCA ECC · 2-2-1NIST CSF · PR.ACEU AI Act · Art.15
Covered 41Mapped 12Gap 7

AI, built in

An AI Copilot that knows your program — and AI governance to match

Ask the Copilot about your gaps, risks and controls in plain language, grounded in your live data. Inventory AI systems and tier them under the EU AI Act with oversight tracking.

  • AI Copilot grounded in your org's data
  • EU AI Act tiering & human oversight
  • Plan-aware — stays within your entitlements
app.grcsubmarine.com/ · AI Copilot
Which frameworks have the most open gaps?
NCA ECC-2 has the most gaps (7), then SAMA CSF (4).

AI system inventory — EU AI Act tier

ProhibitedHigh-riskLimitedMinimal

Everything a regulated team needs, in one place

Append-only audit trail

Every change recorded with who, what and when — by default.

Configurable to your org

Custom risk categories, fields and Excel import on every register.

Policies & documents

Full policy lifecycle and a versioned document store (Enterprise).

Business continuity

Continuity & recovery plans with objectives and test cadence (Enterprise).

API & access control

Role personas, per-module permissions, SSO and a REST API (Enterprise).

Built for the GCC

Regional frameworks, data-residency awareness and an RTL-ready UI.

See your compliance posture in one place

Enterprise and Basic plans available. Contact us to get started.

Contact sales