Call me old fashioned, but I liked it when risk registers were bound ledgers. It worked just fine, and you always knew where everything was. That's the theory behind these apps — because sometimes you just need a quick and dirty GRC self assessment.
Three rules every app in the suite follows. They're not optional — they're the reason PumaWorx exists.
01
Each app is one HTML file. Drop it on a USB stick, install it as a PWA, save it to your downloads folder, archive it on a NAS. Wherever a browser runs, the app runs.
02
No outbound traffic means no exfiltration risk, no third-party SaaS to vet, no remote dependencies to compromise. The browser and the file are the entire trust boundary.
03
PumaWorx is a personal passion project that helps me do what I want to do, how I want to do it, forever. Never again will the product I depend on get bought and ruined by some private capital or hijacked by internet drama.
Each app exports to the next — PumaGRC2 hands maturity gaps to PumaRisk, PumaRisk hands risk-treatment plans to PumaBCP, and PumaLogger captures the timeline when things actually break.
01 Comply 763 KB
Multi-framework compliance self-assessment
Maturity scoring across multiple frameworks. Record maturity, priority, evidence and plans to visualize heatmaps and crossmappings against NIST CSF.
02 Assess 382 KB
Quantitative risk register
A board-ready risk register with inherent and residual scoring on a 5×5 likelihood × impact matrix. Track exposure, treatment plans, and response strategy across multiple workspaces.
03 Record 444 KB
Timestamped event log & timeline assembler
A timestamped event logger. Capture events as they happen, or recreate a master timeline from logs with global timestamps for incident response and after-action reporting.
04 Recover 347 KB
Business continuity & disaster-recovery planner
Inventory technology assets, map dependencies, document backup state, and walk tabletop exercises against ransomware, outages, and vendor failures.
A suite of portable productivity apps that run offline in your local browser for minimal footprint and zero external connections or dependencies. Task tracking, kanban, notes, maps, flows, and more.
Explore the suitePick whichever fits how you work. They're all equally official and they all do the same thing.
STEP 01 · LIGHTEST
Visit pumagrc2.greykit.com (or any other). The app loads. You're done. Browser caches the file — works offline after the first visit.
STEP 02 · PORTABLE
Right-click → Save Page As. You now have a portable, offline-forever copy. Open it from a USB stick, a sandboxed VM, an air-gapped laptop.
STEP 03 · POLISHED
Desktop or phone app with auto-updates, no app store required. Chrome / Edge: Chromium: Save and Share → Install. Safari iOS: Share → Add to Home.
localStorage. That's per-browser and per-device. Use the built-in Export button (JSON, CSV, or Markdown depending on the app) any time you want a portable backup — or to hand the data to another app in the suite.
The single-page HTML IS the source. There's nothing to build, include, or compile — each app is 100% human readable with inline documentation.