
Building a Simple GRC Tool for Startups
GRC, ISO27001, NIST, CIS, startups, security, compliance, governance, risk
The author developed a lightweight GRC (Governance, Risk, and Compliance) tool to make frameworks like ISO 27001 and NIST more practical for small teams. The tool focuses on clarity, prioritization, and direction rather than implementing all controls, offering a maturity view and suggestions for fixes. It maps to ISO 27001, NIST, and CIS while running entirely locally without requiring logins or data storage. The project is a work in progress and aims to simplify security posture assessment for startups.