Cyber Tool Stack
All tools

eramba

By Eramba

A self-hosted GRC platform covering risk registers, control frameworks, policy management, and audit workflows, aimed at organizations that want GRC tooling without a SaaS subscription. Its free Community Edition is real and fully functional, but eramba's own maintainers describe the project as free rather than open source, since the license permits use only for an organization's own purposes and prohibits redistribution or modification; a paid Enterprise Edition adds support and additional modules.

Verified Source: 1

Product type
Software
Deployment
On-prem
Organization size
SMBMid-market
Pricing tier
Freemium

Capability checklist

GRC

How eramba measures up against the full GRC & Compliance Automation taxonomy.

Control & framework mapping — supported
Maps internal controls to frameworks like SOC 2, ISO 27001, and NIST.
Continuous control monitoring — not supported
Automatically checks that controls remain in place between formal audits.
Risk register & assessments — supported
Tracks identified risks, owners, and treatment plans in one place.
Audit evidence collection — not supported
Automatically gathers and organizes proof of control operation for auditors.
Policy management — supported
Manages the lifecycle of security policies, from drafting to employee attestation.
Vendor & third-party risk tracking — not supported
Assesses and monitors the security posture of vendors and partners.

Alternatives

Other GRC & Compliance Automation tools with overlapping capabilities, sized for similar teams.

Appears in stacks

Real-world stacks that include eramba.

Search Cyber Tool Stack

Jump to any tool, vendor, category, or glossary term.