GRC Assessment Questionnaire

About This GRC Assessment Tool

About Me

My name is Briar Schreiber, and I'm a GRC Professional working in the public sector. I put together this tool to demonstrate and educate others on the basics of frameworks I work with every day.

If you find this useful, feel free to reach out to me: briarrose (AT) mailbox.org. You can also buy me a coffee if you are feeling generous.

Purpose

This tool is a standalone, browser-based questionnaire designed for Governance, Risk, and Compliance (GRC) professionals to assess an organization's security posture against various frameworks. It provides a comprehensive platform for data entry, analysis, and reporting without requiring any server-side infrastructure.

How to Use This Tool

  1. Assessment Tab: Begin by selecting your desired assessment framework and entering metadata like the name, assessor, and date.
  2. Questionnaire Tab: Proceed through each control, assigning a maturity score and documenting evidence, compensating controls, and remediation plans for any identified gaps.
  3. Analyze Results: Use the "Control Maturity" and "Risk Heat Map" tabs to visualize the assessment results and identify high-priority areas.
  4. Review Reports: The "Gaps Report" tab provides a focused list of all identified deficiencies, while the "Full Report" tab compiles all information into a single, print-friendly view.
  5. Data Management: You can save your entire assessment to a local JSON file at any time and load it back later to continue your work. All data is saved automatically in your browser as you work.

Data Privacy & Storage

All data entered into this tool is stored locally within your web browser's IndexedDB. No information is ever transmitted to a server. This ensures your assessment data remains private and under your control. You can clear all data at any time by using the "Start New Assessment" button.

Disclaimer

This tool is intended to be a guide and a data collection aid. It is not a substitute for professional GRC consultation or a formal audit. The results and reports generated should be reviewed and validated by qualified personnel.