By GRCEngClub
Assess third-party vendor security by analyzing questionnaire responses for completeness and red flags, calculating inherent and residual risk scores, and generating full assessment reports with ratings, peer comparisons, and treatment recommendations.
Analyzes vendor security questionnaire responses. Identifies red flags, gaps, and areas requiring follow-up. Supports SIG, CAIQ, and custom questionnaires.
Calculates vendor risk scores using inherent and residual risk factors. Generates risk ratings, comparisons, and treatment recommendations.
Conducts comprehensive vendor security assessments. Evaluates vendor security posture, identifies risks, and generates assessment reports with recommendations.
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
npx claudepluginhub grcengclub/claude-grc-engineering --plugin grc-tprmDeploy a serverless trust center to publish your company's compliance posture. Supports AWS deployment with S3, CloudFront, Lambda, DynamoDB, Cognito, and WAF.
FedRAMP Rev 5 Plugin - Traditional authorization path with SSP/SAP/SAR/POA&M documentation and NIST 800-53 Rev 5 control mapping
CSA CCM Plugin - Cloud Security Alliance Cloud Controls Matrix with 197 controls and CAIQ support
US Export Controls Plugin - ITAR and EAR compliance for defense and dual-use technologies
SOC 2 Compliance Plugin - Trust Service Criteria expertise, Type I/II assessment support, and control mapping
GRC Internal Plugin - Policy management, risk registers, and compliance tracking for internal GRC teams
GRC (Governance, Risk, and Compliance) domain knowledge — frameworks, controls, audits, evidence, ConMon, cross-framework mappings, document review, and operational workflows. Cloud-agnostic.
Expert SOC 2 compliance advisor covering all Trust Services Criteria — gap analysis, policy drafting, control documentation, audit evidence, and vendor risk.
Ultra-compressed communication mode. Cuts 65% of output tokens (measured) while keeping full technical accuracy by speaking like a caveman.
Comprehensive UI/UX design plugin for mobile (iOS, Android, React Native) and web applications with design systems, accessibility, and modern patterns
Standalone image generation plugin using Nano Banana MCP server. Generates and edits images, icons, diagrams, patterns, and visual assets via Gemini image models. No Gemini CLI dependency required.