By VantaInc
Editable draw.io diagram skills for GRC system boundaries, evidence flows, control maps, risks, audits, crosswalks, TPRM, POA&M, data flows, RACI, and operating models.
Create an editable draw.io grc audit workflow diagram for GRC professionals
Create an editable draw.io grc control map diagram for GRC professionals
Create an editable draw.io grc regulated data flow diagram for GRC professionals
Create an editable native draw.io diagram, optionally exported to PNG/SVG/PDF with embedded XML
Create an editable draw.io grc evidence flow diagram for GRC professionals
Always use when the user asks to create, generate, draw, or design a diagram, flowchart, architecture diagram, ER diagram, sequence diagram, class diagram, network diagram, mockup, wireframe, UI sketch, GRC workflow, control map, audit process, risk register flow, compliance architecture, or mentions draw.io, drawio, drawoi, .drawio files, or diagram export to PNG/SVG/PDF.
Use when creating a draw.io diagram for audit planning, request lists, evidence, testing, exceptions, remediation, and reporting in a GRC, security, audit, compliance, privacy, cloud, or risk context.
Use when creating a draw.io diagram for high-level GRC program architecture, continuous compliance operating models, three lines of defense, and executive program maps in a GRC, security, audit, compliance, privacy, cloud, or risk context.
Use when creating a draw.io diagram for controls mapped across frameworks, systems, owners, risks, and evidence sources in a GRC, security, audit, compliance, privacy, cloud, or risk context.
Use when creating a draw.io diagram for regulated data flows, data classifications, storage, processing, transfer, access, retention, and logging in a GRC, security, audit, compliance, privacy, cloud, or risk context.
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
https://github.com/user-attachments/assets/a83aa297-9fba-4a7d-b56c-06f962d1ec6b
Open-source GRC automation for Claude Code.
claude-grc-engineering turns technical evidence from cloud, SaaS, code, and security tools into framework-aligned findings, gap reports, remediation guidance, evidence packages, and OSCAL workflows.
It is maintained by the GRC Engineering Club for people who want compliance work to behave more like engineering work: repeatable, testable, versioned, and easy to extend.
Not affiliated with Anthropic. Claude, Anthropic, and related marks are property of their respective owners.
The toolkit is a Claude Code plugin marketplace. Install the pieces you need:
grc-engineer: the core automation hub for gap assessment, IaC scanning, evidence collection, remediation generation, policy generation, PR review, continuous monitoring, and multi-framework optimization.The common path is:
connectors collect evidence
↓
findings match schemas/finding.schema.json
↓
grc-engineer maps findings through SCF
↓
reports, remediation, evidence packages, OSCAL outputs
The Secure Controls Framework (SCF) crosswalk is used as the control backbone: 1,468 controls mapped to 249 frameworks. The toolkit references control IDs and implementation guidance; it does not reproduce copyrighted standards text.
Inside Claude Code:
/plugin marketplace add GRCEngClub/claude-grc-engineering
/plugin install grc-engineer@grc-engineering-suite
For a first run without cloud credentials, use GitHub as the evidence source:
/plugin install github-inspector@grc-engineering-suite
/plugin install soc2@grc-engineering-suite
/github-inspector:setup
/github-inspector:collect --scope=@me
/grc-engineer:gap-assessment SOC2 --sources=github-inspector
Full walkthrough: docs/QUICKSTART.md.
Using Claude Cowork instead of Claude Code? Start with docs/CLAUDE-COWORK.md.
npx claudepluginhub vantainc/claude-grc-engineering --plugin grc-diagramsVanta MCP server integration for Claude Code
PCI DSS v4.0.1 Plugin - Payment Card Industry compliance with ROC guidance, SAQ selection, and March 2025 mandatory requirements
Ralph-loop mechanism specialized for GRC iteration patterns: gap-remediation burndown and quarterly evidence sweeps. Each loop drives /grc-engineer:* commands until a completion criterion fires.
GRC Reporter - translate findings, risks, and metrics into narratives leadership actually reads. Reference implementation of the Reporting category from RFC #38.
Canadian PBMM (Protected B Medium Medium) with ITSG-33 controls
Complete creative writing suite with 10 specialized agents covering the full writing process: research gathering, character development, story architecture, world-building, dialogue coaching, editing/review, outlining, content strategy, believability auditing, and prose style/voice analysis. Includes genre-specific guides, templates, and quality checklists.
Comprehensive skill pack with 66 specialized skills for full-stack developers: 12 language experts (Python, TypeScript, Go, Rust, C++, Swift, Kotlin, C#, PHP, Java, SQL, JavaScript), 10 backend frameworks, 6 frontend/mobile, plus infrastructure, DevOps, security, and testing. Features progressive disclosure architecture for 50% faster loading.
Intelligent draw.io diagramming plugin with AI-powered diagram generation, multi-platform embedding (GitHub, Confluence, Azure DevOps, Notion, Teams, Harness), conditional formatting, live data binding, and MCP server integration for programmatic diagram creation and management.
A growing collection of Claude-compatible academic workflow bundles. Covers scientific figures, manuscript writing and polishing, reviewer assessment, citation retrieval, data availability, paper reading, literature search, response letters, paper-to-PPTX conversion, and evidence-grounded Chinese invention patent drafting. Rules are organized as reusable skill folders with explicit workflows and quality checks.
Upstash Context7 MCP server for up-to-date documentation lookup. Pull version-specific documentation and code examples directly from source repositories into your LLM context.
Consult multiple AI coding agents (Gemini, OpenAI, Grok, Perplexity, plus codex, antigravity, and grok CLIs when installed) to get diverse perspectives on coding problems