The data management side of GRC is not a hard problem to solve. This is why, for many small companies, an Excel spreadsheet is the tool of choice. But, as security professionals know (or quickly find out), Excel GRC still comes with a bunch of downsides (e.g. Task Management, Evidence Collection, Risk Management, Sharing of data, Reporting, etc.).
The obvious solution is to choose one of the many commercial GRC tools on the market! Unfortunately, those tools are almost exclusively both expensive and super complex – requiring both large budgets for purchase AND ramp up…
I decided it’s time for a new option. A Free, Open-Source, and Intuitive choice for the SMB space. And I call that OpenGRC.
There is a long way to go here, but I’m building the tool that I’ve wanted and needed for both myself and the hundreds of clients I’ve had the privilege of serving. We’re all trying to accomplish the same basic functions: Controls Library curation, Compliance Management, Audit Management, Risk Management, etc… And, from a data standpoint, these are NOT hard things to accomplish. What IS hard is designing a UI that simply lets you do the job you need to do without overly complicated, nth-degree mappings between everything everywhere.
This is what I set out to do. Create a tool for SMBs. For people like me who work with the SMBs of the world. For those who don’t want to spend $30k for a more complicated spreadsheet.
We’re only getting started!