Author: Andrew Zancenko

  • Comments module design and specifications

    When you’re building out a GRC platform, you eventually hit that moment where “leaving notes” isn’t enough. Records, requirements, risks—everything ends up needing proper conversation around it. And that conversation has to live with the object, not in someone’s inbox or a random Slack thread. After ignoring this part for way too long, I finally decided to build a proper comments module that feels native to the way the rest of the platform works.

    (more…)
  • Mappings(Relations) Functionality for GRC Platform

    GRC platforms are designed to allow relations between various GRC objects. Controls might be linked to assets, risks, organizations, Authority etc.

    To provide the ability to manage mappings efficiently, the Mappings functionality should be available and also very user friendly. Mappings should not only be available from within the object, but rather implemented as a mappings layer, where any object can be quickly selected and mapped to another object.

    (more…)
  • RACI – common GRC functionality

    RACI shall be embedded into each GRC object. Any control, risk, asset etc. should have RACI associated with it.

    (more…)
  • GRC Platform User Management

    While user management is part of any system, implementing it here is vital: it needs to align with the platform's capabilities and integrate with the Roles, Permissions and Groups functionality.

    (more…)
  • Glossary – module

    Provides a centrally managed glossary that anyone can use, where each term can be defined differently by different groups (variations).

    (more…)
  • Data Classifications and Attributes – Module

    Functionality

    • Display classifications and definitions
      • Restricted
      • Confidential
      • Internal
      • Public
    (more…)
  • Entity Relationship Diagram (ER)

    The complex GRC structure demands a complex relational database, and in some cases requires replicating various data so that specific data aggregations can be stored.

    While the ER is still in development and will undergo changes, the overall structure is beginning to emerge.

    (more…)
  • GRC Platform Scope

    Concentrate on the Information Security Space, or the Operational Risk at the most

    • Define Objects:
      • Organizations
      • Assets
      • Authority (like Regs, Frameworks)
      • Glossary
      • Data Classifications and Attributes
      • Documents (Policies etc)
      • Risks
      • Controls
    (more…)
  • GRC Platform Development – inception

    Decided to spin up this blog to document some of my GRC platform development.

    Some thoughts:

    Building a GRC platform isn’t an easy task, especially considering that different companies take different approaches to GRC processes. Some companies are less mature and require only the bare bones; other companies manage their GRC processes with a great deal of sophistication.

    (more…)
  • Sankey for MapGRC
    Project: MapGRC (Laravel 12, Multi-Tenant)
    Feature: Dynamic Sankey Diagram Visualization Page
    Goal: To create an interactive Sankey diagram that visually represents relationships between GRC entities (Libraries, Types, Objects, and Requirements) across user-defined steps or sections, allowing users to explore complex mappings in a structured, intuitive, and analytical way.

    (more…)