Skip to content

A new era of GRC software: Introducing the Enterprise Action Model (EAM)

Anthony Stevens |

February 27, 2024
A new era of GRC software: Introducing the Enterprise Action Model (EAM)

Audio version

A new era of GRC software: Introducing the Enterprise Action Model (EAM)


I'm thrilled to share with you a groundbreaking shift in the world of Governance, Risk, and Compliance (GRC). We're talking about a transformation that not only redefines the foundational model for risk and compliance but also introduces an unparalleled inflexion point in the experience of GRC software.




A new foundation for GRC

In our pursuit of innovation, we’ve been steadfast in our mission to develop software that embodies intelligence in its simplest form. Our goal has been to craft software that’s not only smart but also so intuitive that it practically vanishes into the background of your everyday workflow. Imagine a platform that anticipates your needs, offers insights on the things that matter most to you, and helps you accomplish tasks with unprecedented speed. This is the vision that has driven us to reimagine the fundamental approach to GRC software.

The limits of traditional GRC software

Let's take a moment to reflect on the GRC software that has been the industry standard for decades. Its core functionality is not necessarily the issue; rather, it's the underlying architecture—a simple database-driven design with a user interface reliant on forms, grids, and static reports. This traditional setup requires users to navigate through a labyrinth of screens for each task, from running audits to building risk registers. Even then, risk and compliance professionals often find themselves working outside of their GRC solution scouring their internal LMS, various tools and the internet for insights and data that could be relevant to completing their daily activities and tasks. It's a time-consuming process that organizes information without truly streamlining the decision-making process.

Beyond chatbots: The limitations of current AI

Since 2019, at 6clicks, we've embarked on a journey with artificial intelligence (AI) to alleviate the manual burdens of risk and compliance professionals. Our pioneering AI engine, Hailey, began by identifying the overlaps between various standards, laws, frameworks and regulations. As the technology evolved, so did our capabilities, extending to policy gap analysis, control definitions, and audit responses powered by unstructured data classification, Natural Language Processing (NLP), Machine Learning (ML), Large Language Models (LLMs) and generative AI. Despite the advancements, we recognized a gap. AI, as exemplified by tools like ChatGPT, understands a language with increasing nuance but often falls short in providing actionable insights and contextual expertise specific to an enterprise's needs; what's more, it itself cannot act on what it does know or if it can, in a very limited fashion.

Introducing the Enterprise Action Model (EAM)

Our insights into these challenges led us to create the Enterprise Action Model (EAM), a groundbreaking approach that transcends the limitations of current software and AI chatbots. The EAM understands and acts upon human intentions by leveraging a combination of your GRC data, company-specific knowledge, and relevant external data sets. This isn't just a new feature—it's a new paradigm that redefines productivity and outcomes for GRC professionals.

Take, for example, the need to find the high risks relevant to your organization's EMEA region. Well, not only does the EAM, driven through a chat interface, list out those risks, but you can also request to plot them on a risk matrix. That's quite a simple example; if you wanted to run a new risk assessment on those risks, you could request to kick off a new risk review, send the task to the risk owners, as well as any corresponding data (policy updates, customer data, news headlines, etc.) within the organization that might be relevant to the risk and the new risk assessment. While the first example is more basic, the second opens up the world to an entirely new paradigm of risk and compliance, how software is built, how we interact with software, and what we expect of software. This is what we're pioneering through the introduction of the Enterprise Action Model. 


Real-time interactions and universal access

Our EAM is engineered for real-time interaction through chat interfaces, offering a seamless experience akin to a conversation with a trusted advisor who knows your business inside out. What's more, we don't believe this interface and these interactions should be limited to the risk and compliance team but also the wider organization and key stakeholders, like the C-suite, board members, and even auditors and regulators. Obviously, it's critical to be able to control what you share with stakeholders, which will always be inherent to how we build this capability. Still, they'll be able to engage with your GRC program from where they work, like their Microsoft Teams account, granting universal access to every stakeholder in your GRC program, fostering a culture that positively embraces and leverages risk and compliance as an asset. Whether you are a business user, a risk manager, a compliance officer, or an executive, the power of EAM will be at your fingertips in an environment you already know and trust.

Empowering partners to deliver better

We're ensuring that the EAM's capabilities are within reach of everyone through familiar tools. Moreover, the flexibility of EAM allows for customization, enabling enterprises to tailor the experience to their specific needs based on their internal data, resources and expertise, and relevant external data sources. For our community of advisors and Managed Service Providers (MSPs), this means the ability to supercharge your consultancy services with an EAM customized and trained on your IP and expertise to provide extremely tailored services, ensuring alignment with your clients' industry-specific requirements.

The future is here

Today marks the beginning of a new chapter in GRC, where complexity is replaced with clarity, and action instantly follows insight. With the Enterprise Action Model, we're not just enhancing a software platform but empowering people to navigate the complexities of risk and compliance with confidence and ease.

Join us in embracing this new paradigm, and let's redefine what's possible in GRC together.



Anthony Stevens

Written by Anthony Stevens

Ant Stevens is a luminary in the enterprise software industry, renowned as the CEO and Founder of 6clicks, where he spearheads the integration of artificial intelligence into their cybersecurity, risk and compliance platform. Ant has been instrumental developing software to support advisor and MSPs. Away from the complexities of cybersecurity and AI, Ant revels in the simplicity of nature. An avid camper, he cherishes time spent in the great outdoors with his family and beloved dog, Jack, exploring serene landscapes and disconnecting from the digital tether.