Oreno GRC is a modern, multi-tenant Governance, Risk, and Compliance platform built with Django. Designed for organizations of all sizes, it provides comprehensive tools for audit management, risk assessment, compliance tracking, and AI governance - all within a secure, scalable architecture.
- 🏢 Multi-Tenant Architecture - Isolated data per organization using `django-tenants`
- 🤖 AI Governance - EU AI Act compliance, NIST RSF, and OECD guidelines integration
- 🔍 Risk-Based Auditing - Global Internal Audit Standards (GIAS) 2024 compliant
- 📊 Advanced Analytics - Comprehensive reporting and dashboard capabilities
- 🔐 Enterprise Security - OTP authentication, JWT tokens, and advanced security features
- 📱 Modern UI - Responsive design with Bootstrap 5 and modern JavaScript
- 🔌 REST API - Full API support for integrations and custom applications
- Python 3.11+
- PostgreSQL (recommended) or SQLite
- Git
- Clone the repository

  ```bash
  git clone https://github.com/oumafreddy/oreno.git
  cd oreno
  ```

- Create virtual environment

  ```bash
  python -m venv .venv
  source .venv/bin/activate  # On Windows: .venv\Scripts\activate
  ```

- Install dependencies

  ```bash
  pip install -r requirements.txt
  ```

- Configure environment

  ```bash
  cp env.example .env.oreno
  # Edit .env.oreno with your configuration
  ```

- Run migrations

  ```bash
  python manage.py migrate --settings=config.settings.development
  # or
  python manage.py migrate --settings=config.settings.tenants
  ```

- Create superuser

  ```bash
  python manage.py createsuperuser --settings=config.settings.development
  ```

- Start development server

  ```bash
  python manage.py runserver --settings=config.settings.development
  # or
  python manage.py runserver --settings=config.settings.tenants
  ```

Visit http://localhost:8000 to access the application.
Oreno GRC follows a modular, multi-tenant architecture designed for scalability and maintainability:
- Multi-Tenant Architecture - Uses `django-tenants` for complete data isolation per organization
- Custom User Model - Enhanced authentication with OTP support and advanced security
- AI Integration - Local LLM support via Ollama with OpenAI fallback
- REST API - Comprehensive API with JWT authentication and rate limiting
| Module | Description | Key Features |
|---|---|---|
| 🔍 Audit | Audit lifecycle management | GIAS 2024 compliance, risk-based auditing, workplan management |
| ⚠️ Risk | Risk management system | Risk registers, matrices, KRIs, assessment workflows |
| ✅ Compliance | Regulatory compliance | Framework management, policy tracking, obligation monitoring |
| 📋 Contracts | Contract lifecycle | Contract types, parties, milestones, execution tracking |
| 📄 Document Management | Secure document handling | Upload, versioning, access control, audit trails |
| 🏢 Organizations | Multi-tenant management | Tenant isolation, user associations, subscription management |
| 👥 Users | Authentication & authorization | Custom user model, OTP, role-based access control |
| 🤖 AI Governance | AI compliance & governance | EU AI Act, NIST RSF, OECD guidelines, model registration |
| ⚖️ Legal | Legal document management | Legal frameworks, compliance tracking, document management |
| 📊 Reports | Analytics & reporting | Dashboard, custom reports, data visualization |
```
oreno/
├── 📁 apps/                      # Django applications
│   ├── 🔍 audit/                 # Audit management
│   ├── ⚠️ risk/                  # Risk management
│   ├── ✅ compliance/            # Compliance tracking
│   ├── 📋 contracts/             # Contract management
│   ├── 📄 document_management/   # Document handling
│   ├── 🏢 organizations/         # Multi-tenant management
│   ├── 👥 users/                 # Authentication & users
│   ├── 🤖 ai_governance/         # AI governance features
│   ├── ⚖️ legal/                 # Legal management
│   ├── 📊 reports/               # Reporting & analytics
│   └── 🔧 core/                  # Common utilities
├── 📁 config/                    # Django configuration
│   ├── settings/                 # Environment-specific settings
│   ├── urls.py                   # URL routing
│   └── wsgi.py                   # WSGI configuration
├── 📁 services/                  # External integrations
│   ├── ai/                       # AI service integration
│   └── workflows/                # Workflow automation
├── 📁 templates/                 # HTML templates
├── 📁 static/                    # Static assets (CSS, JS, images)
├── 📁 tests/                     # Test suites
├── 📄 requirements.txt           # Python dependencies
├── 📄 manage.py                  # Django management script
└── 📄 README.md                  # This file
```

```bash
# Run all tests
python manage.py test --settings=config.settings.development
python manage.py test --settings=config.settings.tenants

# Run specific app tests
python manage.py test apps.audit --settings=config.settings.development
python manage.py test apps.audit --settings=config.settings.tenants

# Run with coverage
coverage run --source='.' manage.py test --settings=config.settings.development
coverage run --source='.' manage.py test --settings=config.settings.tenants
coverage report
```

- Unit tests for models and views
- Integration tests for workflows
- API endpoint testing
- Security testing
- Configure production settings
- Set up PostgreSQL database
- Configure Redis for caching
- Set up Celery for background tasks
- Configure static file serving
- Set up SSL certificates
Docker configuration is provided for convenience but is not required for development:
```bash
# Build and run with Docker (requires Docker installed)
docker-compose up --build
```

Note: Docker is optional. You can run Oreno GRC directly with Python without Docker.

We welcome contributions! Please see our Contributing Guide for details.
- 🐛 Bug reports and fixes
- ✨ New features
- 📚 Documentation improvements
- 🧪 Test coverage
- 🎨 UI/UX enhancements
- 🌍 Translations
This project is licensed under the MIT License - see the LICENSE file for details.
- Django community for the excellent framework
- Contributors to django-tenants for multi-tenancy support
- All contributors and users of Oreno GRC
- 📖 Documentation
- 💬 Discussions
- 🐛 Issue Tracker
- 📧 Email: fredouma@oreno.tech | oumafredomondi@gmail.com



