IF you’re given the opportunity to perform a review or audit of your organizations IT Security policies then you may find the following tool useful. In a pinch you can get a secure installation running on a hardened Linux box, add all of your policies and begin mapping them to security services and controls to build workflows and automate part of your internal review process for IT Risks.
The March 2017 Community release provides

  • Asset Management
  • Control Catalog
  • Support Contracts
  • Business Continuity Planning
  • Policy exceptions
  • Risk Reporting
  • Third Party Risk Management
  • Security Incidents

The Enterprise version sports a few extras .

Start Here (It’s the Documentation Portal for Eramba)