displayName
GRC Framework Assessment
workflowKind
governance
triggerType
scheduled
typicalCadence
quarterly
complexity
cross-team
description
Assesses organizational GRC (Governance, Risk, and Compliance) framework
maturity -- mapping control implementations against NIST CSF, ISO 27001,
and SOC 2 Type II requirements, evaluating control effectiveness through
automated evidence collection and testing, identifying control gaps and
redundancies across overlapping frameworks, reviewing policy document
currency and attestation completion rates, and scoring organizational
risk posture against peer benchmarks. Produces control matrix heat maps,
framework gap analyses, and audit readiness scorecards. Excludes control
remediation implementation.