TinyGRC Compliance

Simplifying Governance, Risk, and Compliance.

TinyGRC is an app for Atlassian Confluence that helps you track basic compliance and visualize overall performance. Track SOC2, PCI, ISO27001, and HIPAA compliance efforts. Now includes a Risk Assessment Matrix!

FedRAMP, NIST CSF and 800-53

We are adding new standards to TinyGRC to help you comply with more standards. FedRAMP is the Federal Risk and Authorization Management Program. NIST CSF is the Cybersecurity Framework, which consists of standards, guidelines and best practices to manage cybersecurity risk. NIST 800-53 rev 5 consists of Security and Privacy Controls for Information Systems and Organizations. Enjoy!

ISO 27001

We are releasing new Cloud and Server versions in Atlassian Cloud. TinyGRC will now help you track ISO 27001 compliance efforts; self-auditing is a mandatory requirement for ISO 27001. The release also includes some bug fixes. ISO 27001 is an international standard for managing information security. Enjoy!

Server Version Released

We are announcing a server version release of TinyGRC. You can use this plugin within your local server environment and be fully compliant with certifications such as HIPAA, SOC2, and PCI, because they require you to host sensitive data on your own servers. Remember, none of the saved data is stored on our cloud servers. All data you enter is stored in your local Confluence server installation.

Getting Started

Getting started with TinyGRC is easy. Here are a few steps to get you going:

1. Add external auditors to your Confluence as regular users.
2. Create a group called tinygrc-auditors and add auditors to it.
3. Create a new Confluence page and name it 2019 Compliance or similar.
4. Add the plugin from the Add-Ons menu and select the compliance type. Select PCI-DSS 3.2, SOC 2, or HIPAA compliance at this time.
5. Save the page.