Welcome to OpenGRC
OpenGRC is a cyber Governance, Risk, and Compliance web application intended for use by small businesses and teams. It is not intended to replace large-scale GRC platforms, but it just might for your use case. OpenGRC provides a resource for those who need to manage a security program but can't manage the price tag and complexity of the alternatives.
- Simple interface designed to get up and running with very little training
- Quick imports of common security frameworks
- Ability to connect Standards, Controls, and your actual Implementations
- Ability to perform audits for internal and external assessments
- Report generation capability to create deliverables for auditors
- Intuitive dashboards to display your progress
Above all, OpenGRC is written to solve cyber compliance headaches that tend to be caused by complex enterprise solutions. It doesn't have to be that hard!
How to get OpenGRC
OpenGRC is a web-based tool that requires the user to run a web server and a database server. There are two ways to deploy OpenGRC: install the software like a standard web application on your web server, or install it in a containerized environment such as Docker or Podman.
While OpenGRC is intended to be an easy-to-use tool, it does require some technical knowledge to install and maintain. If you are not comfortable with the installation process, you may want to consider hiring a professional to help you get started.
See the Installation Guide to get started hosting your own OpenGRC instance.
Documentation
All OpenGRC Documentation is maintained at https://docs.opengrc.com.
Contributing to OpenGRC
OpenGRC is an open-source project and we welcome contributions. Contribution guidelines will be published soon!
License
OpenGRC is licensed under the MIT License.
Security
If you believe you have found a security vulnerability in OpenGRC, please report it to [email protected].
Acknowledgements
OpenGRC is built on the shoulders of giants. We would like to thank the following projects for their contributions, whether direct or indirect, to OpenGRC:
Code of Conduct
The OpenGRC code of conduct is derived from the Laravel and Ruby codes of conduct. Any violations of the code of conduct may be reported to Lee Mangold ([email protected]):
- Participants will be tolerant of opposing views.
- Participants must ensure that their language and actions are free of personal attacks and disparaging personal remarks.
- When interpreting the words and actions of others, participants should always assume good intentions.
- Behavior that can be reasonably considered harassment will not be tolerated.