II.
Workflow overview
Reference · liveworkflow:grc-framework-assessment
GRC Framework Assessment overview
Assesses organizational GRC (Governance, Risk, and Compliance) framework maturity -- mapping control implementations against NIST CSF, ISO 27001, and SOC 2 Type II requirements, evaluating control effectiveness through automated evidence collection and testing, identifying control gaps and redundancies across overlapping frameworks, reviewing policy document currency and attestation completion rates, and scoring organizational risk posture against peer benchmarks. Produces control matrix heat maps, framework gap analyses, and audit readiness scorecards. Excludes control remediation implementation.
Attributes
displayName
GRC Framework Assessment
workflowKind
governance
triggerType
scheduled
typicalCadence
quarterly
complexity
cross-team
description
Assesses organizational GRC (Governance, Risk, and Compliance) framework
maturity -- mapping control implementations against NIST CSF, ISO 27001,
and SOC 2 Type II requirements, evaluating control effectiveness through
automated evidence collection and testing, identifying control gaps and
redundancies across overlapping frameworks, reviewing policy document
currency and attestation completion rates, and scoring organizational
risk posture against peer benchmarks. Produces control matrix heat maps,
framework gap analyses, and audit readiness scorecards. Excludes control
remediation implementation.
Outgoing edges
applies_to_domain2
- domain:cybersecurity-grc·DomainCybersecurity GRC
- domain:compliance·DomainCompliance
involves_role3
- role:security-reviewer·RoleSecurity Reviewer
- role:principal-engineer·RolePrincipal Engineer
- role:planner·RolePlanner
performed_by_org_unit2
- org-unit:security-team·OrgUnitSecurity Team
- org-unit:risk-management-team·OrgUnitRisk Management Team
requires_skill_area2
- skill-area:incident-response·SkillAreaIncident Response
- skill-area:observability-pipeline·SkillAreaObservability Pipeline
triggers_responsibility2
- responsibility:run-security-scans·ResponsibilityRun security scans
- responsibility:threat-modeling·ResponsibilityThreat modeling
Incoming edges
None.