GraphGRC

GraphGRC is data-driven documentation for a GRC program.

See source code and a published documentation example.

Use it to connect and understand all of the applicable framework controls for your security program.

See the default selected frameworks:

See the single SCF control set that maps all frameworks:

To customize

In scf.go, specify the applicable frameworks in the SupportedFrameworks map, e.g.:

var SupportedFrameworks = map[Framework]ControlHeader{
	"SOC 2":     "AICPA TSC 2017 (Controls)",
	"GDPR":      "EMEA EU GDPR",
	"ISO 27001": "ISO 27001 v2022",
	"ISO 27002":   "ISO 27002 v2022",
	// "ISO 27701":   "ISO 27701 v2019",
	"NIST 800-53": "NIST 800-53 rev5 (moderate)",
	// "HIPAA":       "US HIPAA",
}

Then, run the following command to generate the Markdown and create the internal links:

go run main.go
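Each value in SupportedFrameworks has to match a column header in the SCF sheet exactly, so it is worth checking an edited map against the header row before generating. The following is an added example, not code from the graphgrc repository: MapControls, sampleSCF, the CSV layout (control ID in the first column) and the one-ID-per-line cell format are assumptions made for illustration.

```go
package main

import (
	"encoding/csv"
	"fmt"
	"strings"
)

type Framework string
type ControlHeader string

// Two entries from the SupportedFrameworks map shown above.
var SupportedFrameworks = map[Framework]ControlHeader{
	"SOC 2":     "AICPA TSC 2017 (Controls)",
	"ISO 27001": "ISO 27001 v2022",
}

// Constructed stand-in for a CSV export of the SCF sheet (assumed layout); values are not real SCF data.
const sampleSCF = `SCF #,AICPA TSC 2017 (Controls),ISO 27001 v2022,US HIPAA
IAC-06,"CC6.1
CC6.6",A.8.5,164.312(d)
NET-01,CC6.6,,
`

// MapControls (hypothetical helper) returns framework -> SCF control -> framework control IDs.
// It fails if a configured ControlHeader is not a column; cells are assumed to hold one ID per line.
func MapControls(data string, fws map[Framework]ControlHeader) (map[Framework]map[string][]string, error) {
	rows, err := csv.NewReader(strings.NewReader(data)).ReadAll()
	if err != nil || len(rows) == 0 {
		return nil, fmt.Errorf("cannot read sheet: %v", err)
	}
	col := map[string]int{}
	for i, h := range rows[0] {
		col[strings.TrimSpace(h)] = i
	}
	out := map[Framework]map[string][]string{}
	for fw, header := range fws {
		idx, ok := col[string(header)]
		if !ok {
			return nil, fmt.Errorf("%s: no column %q in sheet", fw, header)
		}
		out[fw] = map[string][]string{}
		for _, row := range rows[1:] {
			out[fw][row[0]] = strings.FieldsFunc(row[idx], func(r rune) bool { return r == '\n' })
		}
	}
	return out, nil
}

func main() { fmt.Println(MapControls(sampleSCF, SupportedFrameworks)) }
```

A misspelled or outdated header returns an error here instead of silently yielding a framework with no mapped controls.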