TinyGRC Compliance
Simplifying Governance, Risk, and Compliance.
TinyGRC is an app for the Atlassian Confluence that helps you track basic compliance and visualize overall performance. Track SOC2, PCI, ISO27001, and HIPAA compliance efforts. Now includes Risk Assessment Matrix!
Getting Started
Getting Started with TinyGRC is easy. Here are few steps to get you going:
- Add external auditors to your Confluence as regular users.
- Create a group called tinygrc-auditors and add auditors to it.
- Create a new Confluence page and name it 2019 Compliance or similar.
- Add the plugin from the Add-Ons menu and select compliance type.
- Select PCI-DSS 3.2, SOC 2, or HIPAA compliance at this time.
- Save the page.
- Add authorized people to the page by clicking the lock button above.
- Restrict auditors to this newly created page.
Once the page is created, you can start uploading your evidence. You will have a choice of typing in a responce, attaching multiple files, or both. You can also create new page with Risk Assessment Matrix prefilled with average responses. You can modify this page to fit your real risk exposure.
Auditors in turn can accept, reject, or mark as incomplete submitted answers, while also providing written notes in the field.
Pie chart will show overall progress. You can filter answers by clicking on pie-chart sections.
Conversely, if you are an audit firm, simply add your customer as a user to the Confluence space, and restrict that space. Interaction will be similar.
Please note: All your evidence files, comments, etc., are stored within your Confluence page by Atlassian and NOT on our servers. Therefore, it is important to restrict access to this page by clicking the lock icon on the top of the page.
Thank you for using TinyGRC.