Running Sign

I’m very tempted to reference the failed Aussie Tourism campaign here.. I’ve been dark in the public space for ages, but there’s been a lot going on under the radar! Half way through last year I hooked up with a few other business partners and started working on the Grails-based product for the GRC sector. You probably won’t know this space, but this stuff is super big in the Australian Government areas I’ve previously worked where compliance with the ISM is a big, costly and time-intensive deal.

Enter GMARC… The little Aussie GRC Grails app that could… (after launch we’ll have a website at http://www.gmarc.com.au, but the graphic designer is still busy working on it ATM)

GMARC Assets

Rather than your typical “Build the next Twitter” type startup, we’ve gone the other way. Instead of aiming big, we’ve aimed very small. Our key approach with GMARC has been:

  • Work in a small underserviced sector that you know really well, and where you have lots of relationships to spread the word
  • Develop a product that generates real $ savings to the client (some clients have estimated 2-3 Full Time Employees worth of savings annually)
  • Make a very complex process simpler. Much simpler. But don’t loose any of the nuance. (it has been invaluable having two highly respected GRC consultants as co-owners - this space needs hardcore realworld experience)
  • Road test it all in a real environment business away from the dev lab!
  • Don’t go broke on the journey

We've been slogging heaps of hours into this project over the last 9 months, hence my lack of contributions here (plus I've been flatout helping out with church stuff, but that's a whole other nightmare). What's most exciting is that we're now gearing up for our official product launch at [AusCERT](http://conference.auscert.org.au/conf2011/) - a big security conference out here in Australia that runs in May on the Gold Coast.

There’s still tons of work to do, and lots of Graphic Designer input still to come, but we’re now getting close to a 1.0 and it’s super exciting. We have a bunch of clients chasing us for pricing (which has been very validating), and we’re scampering to get all the basic features done and dusted before going Hollywood launch.

GMARC dashboard with charts of TRA coverage

So what sorts of Grailsy things does it make use of?

  • Heavy use of Groovy XML stuff to support importing of the ISM XML file directly into the system (clients love this - saves a ton of time when applying ISM controls to their assets)
  • Handles import/export of all the common GRC things a client already has (CVS/Excel files containing Threats/Sources/Assets/Controls) - including some super simple cut and paste import options powered by JS magic and opencsv
  • Fully customised reporting options using some Freemarker magic, a Rich Text Editor, and PDF generation via the Grails Rendering plugin (separate post on this one later, it’s a fave feature!)
  • Dashboards with the very cool graphing and charting courtesy of the Google Chart Plugin coupled with the Eastwood Chart plugin to make it all run on the Intranet.* Very heavy use of Grails Webflow to make all the workflows in the system very easy to use (I can’t imagine even attempting some of the things we’ve done without Webflow - the state engine would be very complex).

And tons more! Anyways, now that the back of the work is done and we’re getting the thing to more clients for feedback, I’ll actually have some time to return to doing some blogging. I’ve really missed it!

As a side note, I’m really astounded how often I have to reference Grails In Action to look stuff up that I’ve already written about (and proofread dozens of times)! But it’s definitely great to be back in hardcore Groovy/Grails land though!

Will keep you posted on how the product develops from here. Stay incredible!