Building a simple GRC tool for startups — what I learned so far

I’ve been building a small side project around cybersecurity for startups, and this week I focused on something specific: trying to make frameworks like ISO 27001 / NIST actually usable for small teams.

What I realized:
– The frameworks themselves aren’t the problem
– The way they’re consumed is

Most teams don’t need 100 controls. They need:
– Clarity
– Prioritization
– Direction

So I built a lightweight assessment tool:
– Maps to ISO 27001 (with NIST + CIS mapping)
– Gives a maturity view
– Suggests what to fix first

One decision I stuck to: everything runs locally — no login, no data storage.

Still very much a work in progress, but it already helped me think about security posture more clearly.

Would be great to hear from others building in this space:
– How are you approaching security early on?
– Are frameworks useful or overkill?

If anyone’s curious, here’s what I’ve built so far (not pasting the link here with commercial ideology, just for any possible feedback):
https://thehgtech.com/tools/grc-assessment/

submitted by /u/thehgtech
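To make the three design points concrete (framework mapping, a maturity view, and "what to fix first" computed entirely in-process), here is an added example that is not the author's tool or code. It is a hypothetical local-only self-assessment: the Annex A subset, the NIST CSF / CIS v8 mapping, the weights and the sample answers are all illustrative assumptions, not a reproduction of any framework text. One edge case the example handles deliberately: a control the user never answered is scored as "not implemented" rather than dropped, so an incomplete assessment cannot look better than a complete one.

```python
"""Hypothetical local-only GRC self-assessment in the spirit of the tool the
post describes. Added example, not the author's code: the control subset,
framework mappings, weights and sample answers are illustrative assumptions."""

from dataclasses import dataclass

MAX_LEVEL = 3
LEVEL_NAMES = {0: "not implemented", 1: "ad hoc", 2: "defined", 3: "managed"}


@dataclass(frozen=True)
class Control:
    control_id: str   # ISO/IEC 27001:2022 Annex A identifier (assumed)
    name: str
    domain: str       # Annex A theme the control sits under
    weight: int       # 1 (nice to have) .. 5 (foundational); our assumption
    nist_csf: tuple   # NIST CSF 2.0 subcategory IDs (assumed mapping)
    cis_v8: tuple     # CIS Controls v8 safeguard IDs (assumed mapping)


# Constructed subset of Annex A; a real tool would carry all 93 controls.
CONTROLS = (
    Control("A.5.15", "Access control", "organizational", 5, ("PR.AA-05",), ("6.1",)),
    Control("A.5.30", "ICT readiness for business continuity", "organizational", 3, ("RC.RP-01",), ("11.1",)),
    Control("A.6.3", "Information security awareness, education and training", "people", 3, ("PR.AT-01",), ("14.1",)),
    Control("A.7.10", "Storage media", "physical", 1, ("PR.DS-01",), ("3.5",)),
    Control("A.8.5", "Secure authentication", "technological", 5, ("PR.AA-03",), ("6.3", "6.5")),
    Control("A.8.7", "Protection against malware", "technological", 4, ("DE.CM-09",), ("10.1",)),
    Control("A.8.13", "Information backup", "technological", 5, ("PR.DS-11",), ("11.2",)),
    Control("A.8.15", "Logging", "technological", 4, ("DE.CM-01",), ("8.2",)),
)
BY_ID = {c.control_id: c for c in CONTROLS}

# Constructed self-assessment answers: control ID -> maturity level 0..3.
# A.8.15 is deliberately left unanswered to show how missing answers are handled.
SAMPLE_ANSWERS = {"A.5.15": 1, "A.5.30": 0, "A.6.3": 2, "A.7.10": 3,
                  "A.8.5": 1, "A.8.7": 3, "A.8.13": 0}


def invalid_reason(answers):
    """Return None if the answers are usable, else a message saying why not."""
    unknown = sorted(set(answers) - set(BY_ID))
    if unknown:
        return f"unknown control IDs: {unknown}"
    bad = {k: v for k, v in answers.items() if v not in LEVEL_NAMES}
    if bad:
        return f"levels must be 0..{MAX_LEVEL}: {bad}"
    return None


def _level(answers, control):
    # An unanswered control scores 0: unknown maturity is treated as absent,
    # which keeps an incomplete assessment from looking better than it is.
    return answers.get(control.control_id, 0)


def _check(answers):
    reason = invalid_reason(answers)
    if reason:
        raise ValueError(reason)


def maturity_by_domain(answers):
    """Weighted maturity per Annex A theme, as a percentage 0..100."""
    _check(answers)
    earned, possible = {}, {}
    for c in CONTROLS:
        earned[c.domain] = earned.get(c.domain, 0) + c.weight * _level(answers, c)
        possible[c.domain] = possible.get(c.domain, 0) + c.weight * MAX_LEVEL
    return {d: round(100 * earned[d] / possible[d]) for d in sorted(earned)}


def overall_maturity(answers):
    """Single weighted percentage across every control."""
    _check(answers)
    earned = sum(c.weight * _level(answers, c) for c in CONTROLS)
    possible = sum(c.weight * MAX_LEVEL for c in CONTROLS)
    return round(100 * earned / possible)


def prioritize(answers, top=5):
    """Rank open gaps by weight * (MAX_LEVEL - level): a foundational control
    with nothing in place outranks a minor one that is merely 'ad hoc'."""
    _check(answers)
    gaps = []
    for c in CONTROLS:
        gap = c.weight * (MAX_LEVEL - _level(answers, c))
        if gap:
            gaps.append((gap, c))
    gaps.sort(key=lambda g: (-g[0], g[1].control_id))  # deterministic tie-break
    return [{"control_id": c.control_id, "name": c.name, "gap": gap,
             "current": LEVEL_NAMES[_level(answers, c)],
             "nist_csf": c.nist_csf, "cis_v8": c.cis_v8}
            for gap, c in gaps[:top]]


if __name__ == "__main__":
    # Everything stays in-process: no network call, no file written, no login.
    print("Maturity by domain:", maturity_by_domain(SAMPLE_ANSWERS))
    print("Overall:", overall_maturity(SAMPLE_ANSWERS), "%")
    for p in prioritize(SAMPLE_ANSWERS):
        print(f"{p['control_id']:7} gap={p['gap']:2} [{p['current']}] {p['name']}"
              f"  NIST {','.join(p['nist_csf'])}  CIS {','.join(p['cis_v8'])}")
```

The ranking is intentionally simple (weight times remaining levels) so that a small team can read why an item is on top; with the sample answers, backups and logging surface first because they are weighted as foundational and have nothing in place, ahead of access control and authentication, which are equally weighted but already exist in ad hoc form. Any real tool would need to replace the constructed mapping with one checked against the current framework texts.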