claude-grc-engineering
The official open-source GRC toolkit from the GRC Engineering Club, taking GRC from checkbox compliance to engineered systems. It ships as Claude Code plugins: persona plugins for engineers, auditors, internal GRC teams, and TPRM; 20+ framework reference plugins from SOC 2 to FedRAMP to APRA; and thin cloud/SaaS connectors that emit a common Finding contract. Assessors, platform engineers, and GRC teams everywhere rebuild the same pipeline on their own: pull evidence, crosswalk to a framework, generate a gap report, wrestle OSCAL. This is one open toolkit for that pipeline, end-to-end, maintained by the community.
/grc-engineer:gap-assessment SOC2,FedRAMP-High --sources=aws,github
A prioritized, effort-estimated, remediation-linked gap report backed by 1,468 Secure Controls Framework controls crosswalked to 249 frameworks.
Not affiliated with Anthropic. Community open-source project. Claude, Anthropic, and any related marks are property of their respective owners.
Design positions
A few opinionated choices worth naming up front. These are the engineering principles the community is building around. They shape what good contributions look like.
SCF is the right crosswalk source. Most GRC tools roll their own control-mapping tables. They're usually incomplete, and nobody maintains them past the quarter they were built in. SCF has 1,468 controls mapped bidirectionally to 249 frameworks, publishes quarterly, and ships as a static JSON API. The toolkit uses it as the backbone. No hand-maintained CSVs.
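To make the crosswalk-plus-gap-report step concrete, here is an added example in Python. It is not code from the toolkit, and the crosswalk table, the SCF-style control ids (SCF-EX-*), the effort sizes and the remediation URLs are constructed placeholders, not real SCF data; the SOC 2 and FedRAMP control ids are real identifiers but their pairing with the placeholder SCF ids is invented for illustration. The Finding shape (control_id, status, source) is an assumption about the common contract. The point it shows: evidence is rolled up per SCF control, any failing source wins, controls with no evidence surface as gaps rather than silently passing, and gaps come out sorted worst-first with an effort estimate and a remediation link.

```python
"""Crosswalk normalized findings to framework controls and produce a gap report.

Added example; not part of the claude-grc-engineering toolkit. The crosswalk
table, SCF-EX-* control ids, effort estimates and remediation links are
constructed placeholders, not real SCF data.
"""
from collections import defaultdict

# Constructed crosswalk: one SCF-style control id -> framework control ids.
# Real SCF data maps 1,468 controls to 249 frameworks; this is a toy slice.
CROSSWALK = {
    "SCF-EX-01": {"SOC2": ["CC6.1"], "FedRAMP-High": ["AC-2"]},
    "SCF-EX-02": {"SOC2": ["CC6.6"], "FedRAMP-High": ["SC-7", "AC-17"]},
    "SCF-EX-03": {"SOC2": ["CC7.2"], "FedRAMP-High": ["SI-4"]},
    "SCF-EX-04": {"FedRAMP-High": ["CM-6"]},
}

# Constructed T-shirt effort estimates and a placeholder remediation base URL.
EFFORT = {"SCF-EX-01": "S", "SCF-EX-02": "M", "SCF-EX-03": "L", "SCF-EX-04": "S"}
REMEDIATION_BASE = "https://example.invalid/remediation/"  # placeholder

# Constructed findings in the Finding shape this example assumes: each
# connector reports one SCF control id with a status and a source.
FINDINGS = [
    {"control_id": "SCF-EX-01", "status": "pass", "source": "aws"},
    {"control_id": "SCF-EX-02", "status": "fail", "source": "aws"},
    {"control_id": "SCF-EX-03", "status": "fail", "source": "github"},
    {"control_id": "SCF-EX-03", "status": "pass", "source": "aws"},  # conflicting evidence
    # SCF-EX-04 has no finding at all: it must surface as a gap, not vanish.
]

STATUS_RANK = {"fail": 0, "no_evidence": 1, "pass": 2}  # lower = worse
EFFORT_RANK = {"S": 0, "M": 1, "L": 2}


def rollup_status(findings):
    """Collapse per-source findings to one status per SCF control.

    Any failing source makes the control fail: a control passing in AWS but
    failing in GitHub is still a gap for the assessor.
    """
    status = {}
    for f in findings:
        cur = status.get(f["control_id"])
        if cur is None or STATUS_RANK[f["status"]] < STATUS_RANK[cur]:
            status[f["control_id"]] = f["status"]
    return status


def gap_report(findings, frameworks, crosswalk=CROSSWALK):
    """Return {framework: [gap, ...]} with gaps sorted worst-first.

    A framework control is a gap when any SCF control crosswalked to it is
    failing or has no evidence. Controls with no findings are reported as
    'no_evidence' rather than silently passing.
    """
    status = rollup_status(findings)
    report = {}
    for fw in frameworks:
        per_control = defaultdict(list)  # framework control -> SCF ids
        for scf_id, mapping in crosswalk.items():
            for fw_control in mapping.get(fw, []):
                per_control[fw_control].append(scf_id)
        gaps = []
        for fw_control, scf_ids in per_control.items():
            failing = [s for s in scf_ids if status.get(s, "no_evidence") != "pass"]
            if not failing:
                continue
            worst = min((status.get(s, "no_evidence") for s in failing), key=STATUS_RANK.get)
            effort = max((EFFORT[s] for s in failing), key=EFFORT_RANK.get)
            gaps.append({
                "framework_control": fw_control,
                "scf_controls": failing,
                "status": worst,
                "effort": effort,
                "remediation": [REMEDIATION_BASE + s for s in failing],
            })
        # Worst status first, then cheapest fix first, then stable by control id.
        gaps.sort(key=lambda g: (STATUS_RANK[g["status"]], EFFORT_RANK[g["effort"]],
                                 g["framework_control"]))
        report[fw] = gaps
    return report


if __name__ == "__main__":
    for fw, gaps in gap_report(FINDINGS, ["SOC2", "FedRAMP-High"]).items():
        print(fw)
        for g in gaps:
            print(f"  {g['framework_control']:<8} {g['status']:<12} effort={g['effort']} "
                  f"via {','.join(g['scf_controls'])}")
```

With the constructed data, SOC2 reports CC6.6 then CC7.2, and FedRAMP-High reports AC-17, SC-7, SI-4 and finally CM-6 as no_evidence. Swapping the toy CROSSWALK for a loaded slice of the SCF JSON is the only change needed to run this against real mappings.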
Connectors should be thin. Thick all-in-one agents are hard to audit, hard to extend, and hard to swap. Every connector here is a few hundred lines that shells out to tools teams already have (aws, gcloud, gh, direct Okta API). Any connector can be ripped out and replaced without touching the rest of the toolkit. That makes it easy for commercial platforms, platform teams, and individual engineers to each ship one.
Framework plugins don't reproduce standard text. ISO 27001, PCI DSS, and HITRUST CSF text is copyrighted. This toolkit references control IDs and ships implementation guidance in paraphrased form. Each team's licensed copy of the standard is the source of truth. Anyone can ship a framework plugin without legal exposure, which is how this scales to 249.
This is GRC in Claude Code. It's not a replacement for your GRC platform. This toolkit gives practitioners an open place to learn the engineering layer and ship it in public. Commercial platforms, internal GRC teams, 3PAOs, and individual engineers all land in Claude Code eventually. The Finding contract is designed to normalize output from any source, so anyone can plug their stack in and contribute.
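As an added example of the "thin connector, common Finding contract" position from the two paragraphs above (not one of the toolkit's own connectors), here is a GitHub connector in Python that shells out to the gh CLI the team already has and emits only Finding records. The Finding field names and the SCF-EX-* control ids are assumptions for this example; the gh api endpoint is GitHub's branch-protection REST endpoint, and the sample response is constructed. Note the failure mode it handles: an unprotected branch makes gh api exit non-zero (HTTP 404), and that must become failing findings rather than an empty result that looks like "nothing to report".

```python
"""Thin GitHub connector: shell out to `gh`, emit Finding records.

Added example, not a connector from the claude-grc-engineering toolkit. The
Finding field names and the SCF-EX-* control ids are assumptions chosen for
this example; the `gh api` endpoint is GitHub's branch-protection REST
endpoint, and SAMPLE_PROTECTION below is a constructed response.
"""
import json
import subprocess


def finding(control_id, status, resource, evidence):
    """Assumed Finding shape: the only thing this connector emits."""
    return {
        "source": "github",
        "control_id": control_id,
        "status": status,        # "pass" | "fail"
        "resource": resource,    # e.g. "repo:org/name@main"
        "evidence": evidence,    # short, human-readable, points at the raw data
    }


def fetch_protection(repo, branch="main"):
    """Return the branch-protection JSON, or None if the branch is unprotected.

    Shells out to the `gh` CLI; no tokens are handled here, gh's own auth is
    used. `gh api` exits non-zero (HTTP 404) when no protection rule exists.
    """
    proc = subprocess.run(
        ["gh", "api", f"repos/{repo}/branches/{branch}/protection"],
        capture_output=True, text=True,
    )
    if proc.returncode != 0:
        return None
    return json.loads(proc.stdout)


def to_findings(repo, branch, protection):
    """Normalize one branch-protection response into Finding records.

    Checks: required PR review with >= 1 approver, rules enforced for admins,
    and at least one required status check. Control ids are placeholders.
    """
    resource = f"repo:{repo}@{branch}"
    if protection is None:
        why = "branch has no protection rule"
        return [finding(c, "fail", resource, why)
                for c in ("SCF-EX-10", "SCF-EX-11", "SCF-EX-12")]

    reviews = protection.get("required_pull_request_reviews") or {}
    approvers = reviews.get("required_approving_review_count", 0)
    admins = (protection.get("enforce_admins") or {}).get("enabled", False)
    checks = (protection.get("required_status_checks") or {}).get("contexts") or []

    return [
        finding("SCF-EX-10", "pass" if approvers >= 1 else "fail", resource,
                f"required_approving_review_count={approvers}"),
        finding("SCF-EX-11", "pass" if admins else "fail", resource,
                f"enforce_admins.enabled={admins}"),
        finding("SCF-EX-12", "pass" if checks else "fail", resource,
                f"required_status_checks.contexts={checks}"),
    ]


def collect(repo, branch="main"):
    """End-to-end for one repo: fetch with gh, normalize to Findings."""
    return to_findings(repo, branch, fetch_protection(repo, branch))


# Constructed sample response, shaped like the GitHub API's (trimmed).
SAMPLE_PROTECTION = {
    "required_pull_request_reviews": {"required_approving_review_count": 1},
    "enforce_admins": {"enabled": False},
    "required_status_checks": {"strict": True, "contexts": ["ci/test"]},
}

if __name__ == "__main__":
    # Offline demo on the constructed sample; collect() is the live path.
    for f in to_findings("example-org/example-repo", "main", SAMPLE_PROTECTION):
        print(json.dumps(f))
```

The whole connector is the three functions above; replacing it with an Okta or gcloud connector means swapping fetch_protection and the checks in to_findings while keeping finding() untouched, which is what lets the crosswalk and gap-report stages stay ignorant of where evidence came from.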
60-second install
# In Claude Code
/plugin marketplace add GRCEngClub/claude-grc-engineering
/plugin install grc-engineer@grc-engineering-suite
For a first run with no cloud credentials, use a GitHub account as the data source:
/plugin install github-inspector@grc-engineering-suite
/plugin install soc2@grc-engineering-suite
/github-inspector:setup
/github-inspector:collect --scope=@me
/grc-engineer:gap-assessment SOC2 --sources=github-inspector
Full walkthrough: docs/QUICKSTART.md.
What you can do with it