GRC Engineering Platform

Policy → Controls → Evidence → Coverage/Effectiveness → Residual Risk

Visual Overview

Coverage by Domain

Effectiveness by Domain

Domain Donuts

Coverage (by domain)

Effectiveness (by domain)

Residual Risk (by system)

System Risk Heatmap

System | Low | Medium | High | Critical | Avg Residual

Control Drill-down

Canonical controls mapped to frameworks with coverage & effectiveness. Sortable by domain.

Domain | CCC ID | Title | Coverage | Effectiveness

Gap Analysis (Controls below target)

Controls where coverage or effectiveness is below target thresholds (default: 80%).

Domain | CCC ID | Title | Coverage | Effectiveness | Gap Type

Top Risks

System | Risk ID | Asset | Threat | Inherent | Mitigation | Residual | Level

Upload Risk Register CSV (Client-side)

Upload a risk_register.csv-style file to preview it in the browser (this does not change the backend JSON; it is for experimentation and demos).

risk_id | asset_id | threat | likelihood_inherent | impact_inherent | notes