Skip to content

Connect compliance frameworks like SOC 2, GDPR, and ISO 27001 using Secure Control Frameworks mappings.

License

Notifications You must be signed in to change notification settings

alsmola/graphgrc

Repository files navigation

GraphGRC

GraphGRC is data-driven documentation for a GRC program.

See source code and a published documentation example.

  • Semantic: GRC program requirements (SOC 2, ISO 27001, GDPR, etc.) parsed, structured, and redered with Markdown
  • Linkable: Map similar controls from different Framework with the Secure Controls Framework (SCF)

Use to connect and understand all of the applicable framework controls for your security program.

See the default selected frameworks:

See the one single SCF control set that maps all frameworks:

To customize

In scf.go, specify the applicable frameworks in the SupportedFrameworks map, e.g.:

var SupportedFrameworks = map[Framework]ControlHeader{
	"SOC 2":     "AICPA TSC 2017 (Controls)",
	"GDPR":      "EMEA EU GDPR",
	"ISO 27001": "ISO 27001 v2022",
	"ISO 27002":   "ISO 27002 v2022",
	// "ISO 27701":   "ISO 27701 v2019",
	"NIST 800-53": "NIST 800-53 rev5 (moderate)",
	// "HIPAA":       "US HIPAA",
}

Then, run the following command to generate the Markdown and create the internal links:

go run main.go

About

Connect compliance frameworks like SOC 2, GDPR, and ISO 27001 using Secure Control Frameworks mappings.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages