This lab is where I prototype how I think as a technical GRC / AI governance engineer: real-time control health, AI risk scoring, and audit log checks.
Below you’ll find an interactive GRC lab, plus a full GRC Dashboard App I built with React, TypeScript, Tailwind, and Convex (backend + database).
Example controls you’d see in a SOC 2 / ISO 27001 style environment. Update status to see the overall posture change.
| Control ID | Description | Owner | Status | Last Check |
|---|---|---|---|---|
| AC-01 | User access reviews performed quarterly | IT / Security | | 2025-10-01 |
| LOG-02 | Critical systems send logs to centralized SIEM | Platform | | 2025-10-10 |
| BCP-03 | Backups tested and restore validated | Ops | | 2025-09-20 |
| AI-01 | AI models reviewed for bias and misuse risk | AI / Product | | 2025-08-15 |
Quick, rule-of-thumb risk scoring based on data sensitivity, impact, and region. Not a legal tool—just a way to show thinking and structure.
The scorer reports a Risk Level, Key Concerns, and Suggested Controls.
Paste a few sample log lines. The checker flags entries that are missing an evidence ID or look like failures.
Example format: 2025-10-01T09:14Z USER=alice ACTION=ACCESS_REVIEW STATUS=OK EVIDENCE_ID=12345
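A minimal version of this check in TypeScript, added here as an example and not the lab's own code. The failure keywords, the issue labels, the extra timestamp and missing-status checks, and the sample lines are assumptions constructed for illustration.

```typescript
type Finding = { line: number; issues: string[]; raw: string };

// Assumption: STATUS values treated as "looks like a failure".
const FAILURE_STATUSES = ["FAIL", "FAILED", "ERROR", "DENIED", "TIMEOUT"];
// Timestamp shape taken from the example format; seconds are optional.
const TIMESTAMP = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}(:\d{2})?Z$/;

// Split a line into its leading timestamp and its KEY=VALUE fields.
function parseLine(raw: string): { timestamp: string; fields: Record<string, string> } {
  const tokens = raw.trim().split(/\s+/);
  const fields: Record<string, string> = {};
  for (const token of tokens.slice(1)) {
    const eq = token.indexOf("=");
    if (eq > 0) fields[token.slice(0, eq).toUpperCase()] = token.slice(eq + 1);
  }
  return { timestamp: tokens[0] || "", fields };
}

// Return one finding per problematic line; clean lines produce nothing.
function checkLog(text: string): Finding[] {
  const findings: Finding[] = [];
  text.split(/\r?\n/).forEach((raw, index) => {
    if (raw.trim() === "") return; // blank lines from pasting are ignored
    const { timestamp, fields } = parseLine(raw);
    const issues: string[] = [];
    if (!TIMESTAMP.test(timestamp)) issues.push("bad-timestamp");
    // An empty value (EVIDENCE_ID=) counts as missing evidence.
    if (!fields["EVIDENCE_ID"]) issues.push("missing-evidence-id");
    const status = (fields["STATUS"] || "").toUpperCase();
    if (status === "") issues.push("missing-status");
    else if (FAILURE_STATUSES.indexOf(status) !== -1) issues.push("failure-status");
    if (issues.length > 0) findings.push({ line: index + 1, issues, raw });
  });
  return findings;
}

// Constructed sample input; only the first line comes from the example format.
const SAMPLE_LOG = [
  "2025-10-01T09:14Z USER=alice ACTION=ACCESS_REVIEW STATUS=OK EVIDENCE_ID=12345",
  "2025-10-01T09:20Z USER=bob ACTION=BACKUP_RESTORE STATUS=FAILED EVIDENCE_ID=12346",
  "2025-10-01T09:31Z USER=carol ACTION=LOG_FORWARD STATUS=OK",
  "2025-10-01T09:40Z USER=dave ACTION=MODEL_REVIEW STATUS=error EVIDENCE_ID=",
  "",
  "USER=erin ACTION=ACCESS_REVIEW STATUS=OK EVIDENCE_ID=12349",
].join("\n");

for (const f of checkLog(SAMPLE_LOG)) console.log(`line ${f.line}: ${f.issues.join(", ")}`);
```

Line numbers in the findings count blank lines, so they match what was pasted.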