🧠 SecureAudit – ISO 27001 Compliance Tracker
A Flask-based platform I co-developed with a teammate to help organizations manage their ISO 27001 control status. My focus was on user experience, AI integration, and workflow, while my teammate handled backend logic and database design.
Why We Built It
From my experience working on compliance projects, I saw how static spreadsheets and manual checklists can slow teams down. We wanted to build something smarter—so we combined our strengths: my teammate architected a robust backend, and I designed the interface and integrated AI to make remediation and reporting easier.
Key Features
Multi-Role Access
Role-based access control for auditors, compliance officers, and admins. Each role sees only the views and actions relevant to its responsibilities, which keeps the workflow focused and limits what any single account can change.
AI-Powered Remediation
I integrated a locally running Ollama LLM to generate tailored remediation steps for failed controls and to summarize audit findings in plain language; because the model runs on the host, audit data is not sent to an external API.
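As an added illustration (not SecureAudit's own code), the block below shows the request shape Ollama's local /api/generate endpoint expects, a prompt that pins the model to the one control under review, and a post-check that flags any Annex A control identifiers the model was not asked about, so a reviewer sees drift before it lands in a report. The control record layout, the model name, and the identifier regex are assumptions made for this example.

```python
import json
import re
import urllib.request

OLLAMA_URL = "http://localhost:11434/api/generate"  # Ollama's default local endpoint
MODEL = "llama3"  # assumption: any model already pulled into the local Ollama

# Annex A identifiers such as A.5.1 or A.9.2.3 (the 2013 edition used a third level).
CONTROL_ID_RE = re.compile(r"\bA\.\d{1,2}\.\d{1,2}(?:\.\d{1,2})?\b")


def build_remediation_prompt(control: dict) -> str:
    """Put only the audit record's own facts in front of the model and pin its scope.
    `control` follows a constructed shape for this example, not SecureAudit's real schema."""
    findings = "\n".join(f"- {f}" for f in control["findings"])
    return (
        "You are assisting an ISO 27001 compliance officer.\n"
        f"Control {control['id']} ({control['title']}) failed the audit.\n"
        f"Findings:\n{findings}\n\n"
        "Write 3 to 5 concrete remediation steps for this control only, as a "
        "numbered list in plain language. Do not cite any other control identifier."
    )


def query_ollama(prompt: str, timeout: float = 120.0) -> str:
    """One blocking request to the local Ollama HTTP API (not exercised offline)."""
    body = json.dumps({"model": MODEL, "prompt": prompt, "stream": False}).encode()
    req = urllib.request.Request(
        OLLAMA_URL, data=body, headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read())["response"]


def check_remediation(control_id: str, text: str) -> dict:
    """Extract the numbered steps and flag references to controls the model was
    not asked about; the prompt requested 3 to 5 steps, so anything else is
    also sent back for human review."""
    steps = [m.group(1).strip()
             for m in re.finditer(r"^\s*\d+[.)]\s+(.+?)\s*$", text, re.M)]
    foreign = sorted(set(CONTROL_ID_RE.findall(text)) - {control_id})
    return {
        "steps": steps,
        "foreign_control_refs": foreign,
        "needs_review": bool(foreign) or not 3 <= len(steps) <= 5,
    }
```

Typical use is `check_remediation(control["id"], query_ollama(build_remediation_prompt(control)))`. The findings text comes from whatever auditors typed into the tool, so the model's output is untrusted input to the report pipeline; the post-check is the minimum gate before a human signs off, which is the point the usage disclaimer at the end of this page makes.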
Compliance Dashboard
I designed a dashboard that gives a real-time snapshot of compliance status, pending actions, and historical trends.
Automated Reporting
With a single click, users can generate comprehensive reports, complete with AI-generated recommendations.
Technical Implementation
How We Built It
- The backend, built by my teammate, uses Flask and SQLite for data management, with JWT authentication and bcrypt for password hashing.
- I handled the frontend using Tailwind CSS for a clean, modern look, and managed the integration with a locally running Ollama LLM instance for AI-powered features.
- We prioritized security throughout: RBAC, input sanitization, CSRF protection, and secure session management were all implemented.
- I worked closely with my teammate to ensure the frontend and backend communicated smoothly and securely.
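The list above names the pieces (JWT authentication, bcrypt password hashing, RBAC) without showing how they fit together. The block below is an added example, not SecureAudit's code, of the same pattern with the three roles from this page: a salted password hash with constant-time verification, an HS256 JWT that carries the role and an expiry, and a decorator that enforces an explicit per-view role allow-list. To keep it dependency-free it uses PBKDF2 from the standard library in place of bcrypt, a hand-written JWT encoder/verifier in place of PyJWT, and takes the Authorization header as a plain argument instead of reading flask.request; those substitutions, the secret-key fallback and the view names are assumptions of the example.

```python
import base64
import hashlib
import hmac
import json
import os
import time
from functools import wraps
from typing import Optional

# Roles from the project write-up. Views declare an explicit allow-list; there is
# no implicit hierarchy, so "admin" must be listed wherever admins need access.
ROLES = frozenset({"auditor", "compliance_officer", "admin"})

# Assumption: the real app reads its signing secret from configuration. The
# fallback exists only so this example runs stand-alone.
SECRET_KEY = os.environ.get("SECUREAUDIT_SECRET", "dev-only-change-me").encode()
PBKDF2_ROUNDS = 600_000  # OWASP's current minimum for PBKDF2-HMAC-SHA256


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted PBKDF2-HMAC-SHA256; stands in for bcrypt so no extra package is needed."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return base64.b64encode(salt).decode() + "$" + base64.b64encode(digest).decode()


def verify_password(password: str, stored: str) -> bool:
    """Recompute and compare in constant time so timing does not leak the digest."""
    salt_b64, digest_b64 = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), base64.b64decode(salt_b64), PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, base64.b64decode(digest_b64))


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(username: str, role: str, ttl: int = 3600, now: Optional[int] = None) -> str:
    """Mint an HS256 JWT carrying the user's role and an expiry (PyJWT-compatible)."""
    if role not in ROLES:
        raise ValueError(f"unknown role {role!r}")
    now = int(time.time()) if now is None else now
    compact = {"separators": (",", ":")}
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, **compact).encode())
    payload = _b64url(json.dumps(
        {"sub": username, "role": role, "iat": now, "exp": now + ttl}, **compact).encode())
    sig = hmac.new(SECRET_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_token(token: str, now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if algorithm, signature, expiry and role all check out, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        # Pin the algorithm server-side; never trust "alg" from the token (rejects alg=none).
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(SECRET_KEY, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_b64url_decode(sig_b64), expected):
            return None
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError:  # malformed base64, bad JSON, or wrong number of segments
        return None
    now = int(time.time()) if now is None else now
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now or claims.get("role") not in ROLES:
        return None
    return claims


class Unauthorized(Exception):
    """Map to HTTP 401 in the web layer."""


class Forbidden(Exception):
    """Map to HTTP 403 in the web layer."""


def requires_role(*allowed: str):
    """Decorator: the wrapped view receives the verified claims as its first argument.
    The Authorization header is passed in explicitly here; a Flask app would read it
    from flask.request.headers inside the wrapper."""
    unknown = set(allowed) - ROLES
    if unknown:
        raise ValueError(f"unknown roles in allow-list: {sorted(unknown)}")

    def decorator(view):
        @wraps(view)
        def wrapper(auth_header: Optional[str], *args, **kwargs):
            if not auth_header or not auth_header.startswith("Bearer "):
                raise Unauthorized("missing bearer token")
            claims = verify_token(auth_header[len("Bearer "):])
            if claims is None:
                raise Unauthorized("invalid or expired token")
            if claims["role"] not in allowed:
                raise Forbidden(f"role {claims['role']} may not call {view.__name__}")
            return view(claims, *args, **kwargs)
        return wrapper
    return decorator


@requires_role("admin", "compliance_officer")
def update_control_status(claims: dict, control_id: str, status: str) -> dict:
    """Only the roles that own remediation may change a control's status."""
    return {"control": control_id, "status": status, "updated_by": claims["sub"]}


@requires_role("auditor", "compliance_officer", "admin")
def view_dashboard(claims: dict) -> dict:
    return {"viewer": claims["sub"], "role": claims["role"]}
```

Two points worth keeping in mind when mapping this onto the Flask app: the role check belongs on the server route, not only in which menu items the Tailwind frontend renders, or an auditor who knows the URL can still post a status change; and if the JWT is delivered in a cookie rather than a bearer header, the browser will attach it to cross-site requests, which is exactly why the CSRF protection listed above still matters.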
Challenges & What I Learned
RBAC & Collaboration
One of our biggest challenges was designing a flexible RBAC system that could adapt to different organizational structures. I spent a lot of time tuning AI prompts to get useful, actionable remediation advice, while my teammate ensured data consistency and robust backend logic. Collaborating on this project taught me a lot about bridging technical and user-facing aspects, and how to use AI responsibly to support (not replace) human decision-making.
Future Enhancements
- Support for other frameworks like SOC 2 and GDPR
- Advanced analytics and automated evidence collection
- API integrations with third-party security tools
- Custom compliance template builder
⚠️ Usage Disclaimer
SecureAudit is intended for educational and professional use in authorized environments only. Please ensure you have proper permission before conducting any compliance assessments, and always verify AI-generated suggestions with a human expert.