Disclaimer
Last updated: May 31, 2026
Educational Purpose
All content on Do GRC — including learning paths, hands-on modules, AI scenarios, and case studies — is provided strictly for educational and informational purposes. Nothing on this platform constitutes professional legal, audit, compliance, or regulatory advice.
You should always consult qualified professionals for advice specific to your organisation's compliance obligations and regulatory requirements.
No Guarantees
While we strive to provide accurate and up-to-date content, Do GRC makes no guarantees regarding:
- Specific career outcomes, job placements, or salary expectations.
- Passing professional certifications or examinations.
- Regulatory acceptance or audit readiness of any framework implementation.
- The completeness or accuracy of content at any given time.
GRC frameworks and regulations are subject to change. We update our content regularly but cannot guarantee it reflects the very latest revisions at all times.
AI-Generated Content (Unreviewed)
Every user-facing piece of content on Do GRC — including learning paths, rooms, case studies, questions, model answers, scenarios, role-play conversations, and all of the games under /play/* — is generated by AI and has not been audited or fact-checked by a human GRC practitioner.
Because content is unreviewed, it may contain:
- Factual errors, inaccuracies, or outdated references.
- Hallucinated controls, clauses, or standards that do not actually exist.
- Misattributed framework names, control IDs, or regulatory citations.
- Oversimplifications that omit material nuance.
Treat everything on the site as a study aid only. Always verify against primary sources (NIST, ISO, the regulator's own publications, vendor documentation) before relying on any of it for real-world decisions.
Any internal automated or AI-based quality checks we perform on the content do not constitute a professional or independent audit and should not be treated as such.
AI Audit of Content
The readings, and the questions and answers, for our learning paths and case studies — together with the readings for our scenarios — have been AI-audited for accuracy, with flagged issues reviewed and corrected.
This audit was itself performed using AI. An AI audit is not a human or independent professional audit: it can miss errors, introduce new ones, and does not guarantee the accuracy, completeness, or currency of any content. Audited content should be treated the same way as the rest of the site — as a study aid to be verified against primary sources.
A full human audit of the content has been considered, but at the scale of this platform it has been found to be unfeasible and not a sound business decision on cost grounds. Having qualified GRC practitioners manually review — and then continually re-review — the entire, ever-growing library of learning paths, case studies, scenarios, and question banks would be prohibitively expensive. The AI audit described above is the proportionate alternative we have adopted in its place.
In addition, several features generate content dynamically, on the spot, at the moment you use them — including GRC Coach chat and AI-generated learning journeys, AI Check and AI Assist grading, Role Play, Exam Prep and Interview Prep, the Resume Point Generator, Play Arcade rounds, text-to-speech, and the GRC Toolkit AI-fill helpers. This output does not exist until you request it, so by its nature it cannot be audited in advance and is not covered by any content audit.
AI-Powered Evaluation
Many features on Do GRC are powered by AI. Because an AI is grading AI-generated questions, both the question and the grading can be wrong. AI-powered features include:
- GRC Coach chat and AI-generated learning journeys.
- AI Check and AI Assist on case-study and scenario questions.
- Role Play conversational practice scenarios.
- Exam Prep and Interview Prep question generation and grading.
- Resume Point Generator.
- Play Arcade AI-generated rounds and AI deep-dive explanations.
- Text-to-speech audio synthesis.
- GRC Toolkit AI-fill helpers across the risk, audit, compliance, vendor, threat, policy, business continuity, and board-reporting modules.
AI-generated feedback, scores, and model answers are provided for learning and practice purposes only. They do not constitute professional legal, audit, compliance, or risk management advice. See the Terms of Service (AI-Powered Features) for further detail on usage limits and liability.
Third-Party References
Do GRC references third-party frameworks, standards, and tools (such as NIST CSF, ISO 27001, SOC 2, PCI DSS, and others) for educational context. These references do not imply endorsement, affiliation, or partnership with the respective organisations. Trademarks and framework names belong to their respective owners.
External Links
The platform may contain links to third-party websites or resources. We are not responsible for the content, accuracy, or practices of external sites. Visiting external links is at your own discretion and risk.
Non-Affiliation Notice
Do GRC is an independent project and is not affiliated with, endorsed by, or sponsored by TryHackMe or Hack The Box.
Contact
If you have questions about this disclaimer, please contact us at hello@dogrc.com.