TPRM Assessment Tool
Personal project. A web app that ingests SIG (Standardized Information Gathering) questionnaires via drag-and-drop, auto-scores the responses, and generates PDF risk reports.
What It Does
- Enter vendor info and tier the vendor. A short questionnaire (data access, system access, business criticality, regulatory scope) produces an auto-calculated tier from 1 to 4, with a manual override.
- Drag and drop the SIG questionnaire. A completed SIG 2025 workbook is parsed in-browser; questions and vendor responses are extracted automatically.
- Auto-scoring. Each SIG response is checked by Claude Sonnet 4 against the vendor's stated controls. Every answer is marked supported, contradicted, or no evidence, with quoted excerpts and a confidence score.
- Export a PDF risk report. The report includes the vendor tier, domain impacts, per-question findings, and a gap summary, ready to attach to a risk review package.
- Runs locally. One screen replaces the spreadsheet juggling that used to drive this workflow.
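The tiering and scoring steps above, as an added example that is not the project's own code: it computes a tier from the four intake questions (with the manual override), then validates each per-question scoring result before it is counted into the gap summary. The answer weights, tier cut-offs, field names and result schema are assumptions; the three verdicts are the ones the page names.

```python
"""Added example, not the project's own code: tier a vendor from the intake
questionnaire, then validate per-question scoring results before they reach
the PDF report. Weights, cut-offs, field names and result schema are assumed."""
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional

# Assumed weights for the four intake questions; higher means more risk.
INTAKE_WEIGHTS = {
    "data_access":          {"none": 0, "internal": 1, "confidential": 2, "regulated": 3},
    "system_access":        {"none": 0, "read": 1, "write": 2, "privileged": 3},
    "business_criticality": {"low": 0, "medium": 1, "high": 2, "critical": 3},
    "regulatory_scope":     {"none": 0, "contractual": 1, "statutory": 2, "multiple": 3},
}
TIER_CUTOFFS = [(9, 1), (6, 2), (3, 3), (0, 4)]  # assumed; tier 1 is most critical
VERDICTS = {"supported", "contradicted", "no evidence"}  # verdicts named on the page


def compute_tier(answers: dict, override: Optional[int] = None) -> int:
    """Return the vendor tier (1-4); a manual override replaces the calculation."""
    if override is not None:
        if override not in (1, 2, 3, 4):
            raise ValueError("override must be between 1 and 4")
        return override
    total = 0
    for question, choices in INTAKE_WEIGHTS.items():
        answer = answers.get(question)
        if answer not in choices:
            raise ValueError(f"{question}: unexpected answer {answer!r}")
        total += choices[answer]
    for threshold, tier in TIER_CUTOFFS:
        if total >= threshold:
            return tier
    return 4


@dataclass
class Finding:
    question_id: str
    verdict: str
    confidence: float
    excerpt: str


def validate_finding(raw: dict, allowed_ids: set) -> Finding:
    """Coerce one scoring result into a Finding, rejecting anything outside the
    expected schema: the scorer's output is untrusted input to the report."""
    qid = raw.get("question_id")
    if qid not in allowed_ids:
        raise ValueError(f"unknown question id {qid!r}")
    verdict = str(raw.get("verdict", "")).strip().lower()
    if verdict not in VERDICTS:
        raise ValueError(f"{qid}: verdict {verdict!r} not in {sorted(VERDICTS)}")
    try:
        confidence = float(raw.get("confidence"))
    except (TypeError, ValueError):
        raise ValueError(f"{qid}: confidence is not numeric") from None
    if not 0.0 <= confidence <= 1.0:
        raise ValueError(f"{qid}: confidence {confidence} outside 0..1")
    excerpt = str(raw.get("excerpt", ""))[:500]  # bound what gets quoted into the PDF
    return Finding(qid, verdict, confidence, excerpt)


def validate_all(raw_results: list, allowed_ids: set) -> tuple:
    """Keep well-formed results; collect a reason for each rejected one."""
    findings, rejected = [], []
    for raw in raw_results:
        try:
            findings.append(validate_finding(raw, allowed_ids))
        except ValueError as exc:
            rejected.append(str(exc))
    return findings, rejected


def gap_summary(findings: list, min_confidence: float = 0.6) -> dict:
    """Count verdicts; low-confidence findings are listed for manual review."""
    summary = {"supported": 0, "contradicted": 0, "no evidence": 0, "needs_review": []}
    for f in findings:
        summary[f.verdict] += 1
        if f.confidence < min_confidence:
            summary["needs_review"].append(f.question_id)
    return summary


# Constructed sample inputs, not taken from a real assessment.
SAMPLE_INTAKE = {"data_access": "regulated", "system_access": "write",
                 "business_criticality": "high", "regulatory_scope": "statutory"}
SAMPLE_QUESTION_IDS = {"A.1", "A.2", "B.7", "B.8"}  # ids parsed from the workbook
SAMPLE_RESULTS = [
    {"question_id": "A.1", "verdict": "Supported", "confidence": 0.92,
     "excerpt": "Policy is reviewed annually."},
    {"question_id": "A.2", "verdict": "no evidence", "confidence": "0.4", "excerpt": ""},
    {"question_id": "B.7", "verdict": "contradicted", "confidence": 0.81,
     "excerpt": "MFA is optional for administrators."},
    {"question_id": "Z.9", "verdict": "supported", "confidence": 0.9},  # id not in workbook
    {"question_id": "B.8", "verdict": "likely", "confidence": 1.3},     # verdict not allowed
]


def score_sample() -> tuple:
    """Run the sample through validation and summarise; returns (summary, rejections)."""
    findings, rejected = validate_all(SAMPLE_RESULTS, SAMPLE_QUESTION_IDS)
    return gap_summary(findings), rejected
```

Rejecting results with unknown question ids or out-of-range confidence, rather than silently coercing them, keeps a malformed scorer response from landing in the report as a finding; the rejection list is what a reviewer would want attached to the run.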
Screenshot
Sample Output
Privacy by Design
Files are parsed in memory and discarded; nothing is written to disk on the server. All form state lives in the browser's sessionStorage and is cleared when the tab closes. The app is meant to run locally on trusted hardware. One caveat follows from the stack: scoring goes through the Anthropic SDK to the hosted Claude API, so the questionnaire content and the excerpts it is checked against leave the machine for that step, and the API account's data-handling terms should match the sensitivity of the vendor data.
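The in-memory handling described above, as an added example that is not the project's own code: the uploaded workbook is taken as bytes, read straight from a BytesIO and never touches disk. The project lists openpyxl; this version uses only the standard library (xlsx is a zip of XML parts) so it runs stand-alone. The sheet name, the column layout (A = question id, B = question, C = response, header in row 1) and the size caps are assumptions, and the sample workbook is constructed inline.

```python
"""Added example, not the project's own code: parse an uploaded SIG workbook
entirely in memory and return (id, question, response) rows. Sheet name,
column layout and size caps are assumptions."""
from __future__ import annotations
import io
import zipfile
import xml.etree.ElementTree as ET

M = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
NS = {"m": M}
MAX_UPLOAD_BYTES = 20 * 1024 * 1024   # assumed cap on the raw upload
MAX_PART_BYTES = 100 * 1024 * 1024    # assumed cap on any decompressed zip member


def _shared_strings(zf: zipfile.ZipFile) -> list:
    """xlsx stores most text once in sharedStrings.xml; cells reference it by index."""
    try:
        root = ET.fromstring(zf.read("xl/sharedStrings.xml"))
    except KeyError:
        return []
    return ["".join(t.text or "" for t in si.iter(f"{{{M}}}t"))
            for si in root.findall("m:si", NS)]


def _cell_value(c, shared: list) -> str:
    """Resolve a <c> element to text (shared string, inline string or raw value)."""
    kind = c.get("t")
    if kind == "inlineStr":
        return "".join(t.text or "" for t in c.iter(f"{{{M}}}t"))
    v = c.find("m:v", NS)
    if v is None or v.text is None:
        return ""
    return shared[int(v.text)] if kind == "s" else v.text


def parse_sig_workbook(data: bytes) -> list:
    """Parse the first worksheet from bytes; nothing is written to disk."""
    if len(data) > MAX_UPLOAD_BYTES:
        raise ValueError("upload exceeds size cap")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():          # refuse parts that would inflate excessively
            if info.file_size > MAX_PART_BYTES:
                raise ValueError(f"{info.filename}: declared size too large")
        shared = _shared_strings(zf)
        sheet = ET.fromstring(zf.read("xl/worksheets/sheet1.xml"))
    records = []
    for row in sheet.iter(f"{{{M}}}row"):
        if row.get("r") == "1":             # assumed header row
            continue
        cells = {c.get("r", "").rstrip("0123456789"): _cell_value(c, shared)
                 for c in row.findall("m:c", NS)}
        qid = cells.get("A", "").strip()
        if qid:
            records.append({"id": qid, "question": cells.get("B", ""),
                            "response": cells.get("C", "")})
    return records


def build_sample_workbook() -> bytes:
    """Constructed minimal workbook holding only the two parts the parser reads."""
    strings = ["Ques Num", "Question", "Response",
               "A.1", "Is there a documented information security policy?", "Yes",
               "A.2", "Is MFA enforced for administrative access?", "No"]
    sst = f'<sst xmlns="{M}">' + "".join(f"<si><t>{s}</t></si>" for s in strings) + "</sst>"
    rows = ""
    for r, base in ((1, 0), (2, 3), (3, 6)):
        cells = "".join(f'<c r="{col}{r}" t="s"><v>{base + i}</v></c>'
                        for i, col in enumerate("ABC"))
        rows += f'<row r="{r}">{cells}</row>'
    sheet = f'<worksheet xmlns="{M}"><sheetData>{rows}</sheetData></worksheet>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("xl/sharedStrings.xml", sst)
        zf.writestr("xl/worksheets/sheet1.xml", sheet)
    return buf.getvalue()
```

The two caps matter because an uploaded xlsx is an attacker-controlled zip: checking the declared member sizes before reading, and bounding the raw upload, keeps a small file from expanding into a large allocation. For workbooks from untrusted parties, parsing the XML parts with defusedxml instead of xml.etree is the usual extra step.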
Technologies Used
- Python
- Flask
- Jinja2
- Anthropic SDK (Claude Sonnet 4)
- openpyxl
- Vanilla JavaScript
- HTML / CSS