CISO Assistant is a one-stop-shop GRC platform for Risk Management, AppSec, Compliance & Audit, TPRM, Privacy, and Reporting. It supports 130+ global frameworks with automatic control mapping, including ISO 27001, NIST CSF, SOC 2, CIS, PCI DSS, NIS2, DORA, GDPR, HIPAA, CMMC, and more.

Open-source GRC platform for modern security teams. Manage compliance (SOC 2, ISO 27001, HIPAA), risk registers, vendor assessments, and audits—all in one place. AI-powered, containerized, enterprise-ready.

A modern, all-in-one Governance, Risk & Compliance (GRC) solution designed for privacy, security, and compliance teams. As an open-source alternative to Vanta and Drata, this platform empowers teams with full control, flexibility, and transparency—no vendor lock-in, just powerful compliance automation and risk management. ISO27k, GDPR, SOC2, NIST

Open-source AI-powered GRC platform with multi-framework compliance management, crosswalk intelligence, and BYOK AI analysis. Supports NIST 800-53, ISO 27001, SOC 2, NIST AI RMF, and 12+ frameworks with 500+ controls.

Open Source version of CyberRisk Control Center - Security GRC Platform.

The first open-source GRC platform with an autonomous AI Agents

Open-source, agent-first GRC platform — fast, affordable compliance automation with AI

An experimental local Model Context Protocol (MCP) server that enables AI agents to securely interact with IBM OpenPages GRC platform through a standardized interface.

GRC208 Governance, Risk, and Compliance Capstone Project - AWS Integrated GRC Platform with compliance monitoring, risk assessment, audit logging, and a React dashboard.

An open-source GRC (Governance, Risk, and Compliance) platform designed to help teams manage security risks, compliance workflows, audits, and information assets. Built with Next.js, Tailwind CSS, and MongoDB — with a focus on usability, flexibility, and ISO 27001 alignment. Contributions welcome!

IT Operations and GRC platform

Open-source AI-powered GRC platform with multi-framework compliance management, crosswalk intelligence, and BYOK AI analysis. Supports NIST 800-53, ISO 27001, SOC 2, NIST AI RMF, and 12+ frameworks with 500+ controls.

Open source GRC platform for managing risks, controls, audits, and compliance frameworks such as ISO 27001, COBIT and NIST.

GRC Compliance Platform is a comprehensive web-based application designed to help organizations manage their Governance, Risk, and Compliance (GRC) activities.bBuilt using Python and Streamlit, this platform provides a centralized solution for managing compliance controls, tracking evidence artifacts, mapping controls across multiple frameworks

End-to-End Compliance Automation using Datadog, Shuffle SOAR & TheHive

Enterprise GRC Platform - Governance, Risk & Compliance automation with multi-framework support (CIS, NIST, ISO 27001, GDPR, PCI-DSS, HIPAA, NCA Saudi, SOC 2)

4th.GRC — A policy-driven Agentic AI governance and orchestration platform integrating PolicyEngine, Skill Registry, RAG Safety Envelopes, Constraint Evaluators, and evidence-based compliance automation.

Multi-tenant architecture, config-as-code, versioned frameworks, risk engines, evidence hashing, audit chains, plugin interfaces, SIEM events, and OpenTelemetry tracing. OpenGRC Engine is the backend foundation for building your own GRC portal, MSSP platform, or compliance automation pipeline.

GRC Platform - Governance, Risk & Compliance management with SOC 2 Type II focus

GRC Automation Platform for SMBs - Phase 1 MVP

No description available

GRC portfolio: Security policy pack and control evidence matrix for a fictional clinical data platform (HIPAA, NIST 800-53, SOC 2, HITRUST)

Agentic vulnerability management & GRC platform that correlates multi-scan Tenable data, applies exposure-aware risk reasoning, and generates audit-ready executive summaries.

A fully automated GRC Engineering Platform that calculates control coverage, effectiveness, and residual risk across NIST, ISO 27001, and SOC2 using canonical mapping, Python-based analytics, and a live GitHub Pages dashboard.

open source grc platform using refine

The un-official low-level client for the RSA Archer GRC platform.

Repo for the GRC based RAG Chatbot built on the n8n platform

Sentinel GRC Agent — Cross-platform compliance, vulnerability scanning & threat detection agent with native desktop GUI

ZeroH V2 - AI-native Islamic Finance GRC platform with intelligent control activation (12-26 controls based on deal configuration)

EasyGRC - Comprehensive GRC Compliance Platform with downloadable framework checklists for NIST CSF, GDPR, ISO 27001, PCI DSS, SOX, COBIT, and more