Our Story
Continuum GRC, Inc. was incorporated in 2015 following a few incubation years inside Lazarus Alliance, out of a simple, stubborn observation: the world was drowning in compliance checklists while real risk was slipping through the cracks.
Our founder, Michael Peters, is an Air Force veteran who served as a supervisor in Enlisted Defensive Fire Control Systems before diving into the world of information security as a compliance expert for some of the largest organizations and a FedRAMP auditor to prominent cloud providers. He watched brilliant companies waste millions of hours filling out spreadsheets that became obsolete the moment they were submitted. Auditors asked the same questions every year. Security teams burned out. And still, breaches happened.
Michael kept asking one question no one seemed able to answer: “Why can’t compliance be continuous instead of a once-a-year panic?”
In a cramped office in Scottsdale, Arizona, he started building the answer. The first version of the Continuum GRC platform was ugly, over-engineered, and ran on a single server that crashed if more than three people logged in simultaneously. But it did something revolutionary—it pulled evidence automatically, mapped controls across frameworks in real time, and told you, every single day, exactly where you stood.
Early customers were the ones no one else wanted: fast-moving SaaS companies chasing FedRAMP authorization, healthcare startups terrified of HIPAA fines, and financial firms buried under NIST and PCI requirements. They didn’t need another consultant with a binder. They needed a system that worked like DevOps works for code—automated, transparent, always on.
Word spread the way it does in regulated industries—quietly, urgently, one exhausted CISO to another. By 2018, we had replaced spreadsheets at more than a hundred organizations. In 2020, when the world went remote overnight, companies that had been using Continuum GRC sailed through their audits while everyone else scrambled.
Today we’re still obsessed with the same problem we started with: turning compliance from a cost center into a real-time risk intelligence engine. Our platform now tracks millions of controls across FedRAMP, StateRAMP, TX-RAMP, CMMC, NIST, ISO 27001, SOC 2, PCI, HIPAA, and hundreds of other frameworks and modules, often for the same client at the same time. We’ve built the largest library of pre-mapped regulatory content in the world, and we still update it every single week.
But the mission hasn’t changed. We believe compliance shouldn’t be theater. It should be the by-product of running your business securely.
Every line of code we write, every new framework we map, every late-night support call we take—it all comes back to that first question Michael asked a decade ago.
How can we work smarter and not harder to support continuous compliance?
That’s our story. We’re still writing the next chapter, with our customers, one real-time dashboard at a time.
Welcome to Continuum GRC. We’ve been expecting you.