This project provides you a GRC (Governance, Risk and Compliance) platform focused to manage Cybersecurity risks and control design.
With this platform you can comply with ISO 27001:2022, PCI and others requirements, also you can implement an Information Security Management System, execute IT Risk analysis and evaluation, design controls, get reports, and more.
Demonstrate trust to your customers, stakeholders and regulators, and stay compliant with cybersecurity frameworks.
You can not protect what you do not know, so in this module you can register IT providers, IT components, IT systems, processess and critical data, so you can evaluate risk and desing controls over such components to protect you data and mitigate cybersecurity risks.
You can reports and charts about TCP ports, IT components, data classification, business processes.
The platform provide you with the 93 ISO 27001:2022 controls already loaded, security attributues, security concepts, categories, so you basically need to complete the statement aplicability to show an Information Security Management System implemented in your organization.
You can get reports and charts about the Information Security Management System.
Also you can evaluate risks using CVSS (Common Vulnerability Score System) calculator integrated in the risk module.
You can evaluate risk factors and design the controls to mitigate risks.
Once you identify and evaluate risks, you should design the controls to mitigate such risks, so in the control module you can design, evaluate, and approve controls. Each control has a flow (draft, designed, implemented, approved), so the controls can be audited and evaluated to ensure they are effective to mitigate risks.
Stay compliant with cybersecurity frameworks. The platform also can be used to show compliance with legal, external or other compliance requirements like PCI, NIST, CIS Controls and OWASP.
In this module you can register the controls associated to each compliance requirement, get reports, charts and compliance status.
In this module basically you manage users, roles and privileges. If necessary, you can activate two factor authentication to users.
R - Read, W - Write, C - Create, u - Unlink
| Asset Management | ISMS | Risk Management | Control | Compliance | Settings | |
|---|---|---|---|---|---|---|
| GRC Admin | RWCU | RWCU | RWCU | RWCU | RWCU | RWCU |
| GRC Consultant | RWCU | RWCU | RWCU | RWCU | RWCU | RWCU |
| Asset Management | RWCU | R | R | R | R | R |
| ISMS | R | RWCU | R | R | R | R |
| Risk Management | R | R | RWCU | R | R | R |
| Control | R | R | R | RWCU | R | R |
| Compliance | R | R | R | R | RWCU | R |
| Guest | R | R | R | R | R | R |
You can send notifications to other users to inform about updates, requirements, collaboration or other information you want to communicate.
A log is generated to record all the activities that users perform in the system.
This module is based on Odoo 16 community version. So you need to setup an Odoo Server to install this addon.
- https://www.cybrosys.com/blog/how-to-install-odoo-16-on-ubuntu-2004-lts
- https://hub.docker.com/_/odoo
- https://hub.docker.com/_/postgres
pip packages required:
- pip3 install cvss==2.6
- pip3 install xw_utils==1.1.12
- https://democommunity.grc4ciso.com/
- guest / guest123
- email: [email protected]
- web: https://grc4ciso.com
- If you do not want to start from scratch download a database copy from https://github.com/grcbit/grc-db-test