Legal · Transparency

Disclaimer

Last updated: 1 May 2026

Educational Purpose

All content on GRC Drift Lab — including the Drift Model, learning scenarios, framework mappings, the GRC Dictionary, and any AI-assisted features — is provided strictly for educational and informational purposes.

Nothing on this platform constitutes professional legal, audit, compliance, or regulatory advice. Always consult qualified professionals and refer to primary sources for decisions specific to your organisation's compliance obligations.

How This Site Was Built

GRC Drift Lab is an independent project built by Jeshta Rao, an ISO/IEC 27001 Lead Auditor and Master of Cyber Security student at RMIT University, Melbourne.

In the spirit of transparency:

  • The Drift Model, the project concept, scenario design, and overall framing are original work.
  • The GRC content — including framework mappings, scenario narratives, dictionary entries, and explanatory text — is co-authored: drafted with AI assistance and reviewed by the author before publication.
  • The website code was written with AI-assisted development tools (Claude), in the same way modern developers use Copilot or Cursor.
  • AI-powered featureson the site (such as scenario marking and feedback) use Anthropic's Claude API at runtime to evaluate user submissions against rubrics designed by the author.

Limits of AI-Powered Features

Where AI is used to mark answers or provide feedback in real time, please note:

  • AI-generated feedback may contain errors, oversimplifications, or occasional inaccuracies.
  • Scores and feedback are intended as a learning aid, not a definitive assessment.
  • Treat AI feedback as a starting point for further study, not a final authority.
  • Always verify framework references and clause numbers against primary sources before relying on them.

No Guarantees

While care is taken to keep content accurate and current, GRC Drift Lab makes no guarantees regarding:

  • Specific career outcomes, job placements, or interview success.
  • Passing any professional certification or examination.
  • Regulatory acceptance or audit readiness of any approach demonstrated here.
  • The completeness or accuracy of content at any given moment.

GRC frameworks and regulations evolve. Always cross-reference with the issuing body's latest publications.

Third-Party References

GRC Drift Lab references third-party frameworks and standards — including ISO/IEC 27001, the Australian Information Security Manual (ISM), the Essential Eight, the Protective Security Policy Framework (PSPF), IRAP, and NIST CSF — solely for educational context. These references do not imply endorsement, affiliation, or partnership with their respective publishing bodies. All trademarks and framework names remain the property of their respective owners.

External Links

This site may contain links to third-party websites and resources. GRC Drift Lab is not responsible for the content, accuracy, or practices of external sites.

Non-Affiliation Notice

GRC Drift Lab is an independent personal project. It is not affiliated with, endorsed by, or sponsored by Anthropic, RMIT University, Bosch, Honda, TryHackMe, Hack The Box, Do GRC, or any standards body referenced on this site.

Contact

For questions about this disclaimer, or to flag content that needs correcting, contact jeshtarao@gmail.com.