...
PLEASE NOTE: Answer choices and answer response groups are a new feature, which is not yet supported by all instances of ISORAIsora GRC. In earlier versions of ISORAIsora GRC, there are only default answer choices.
...
Assessments consist of a list of questions and a list of targets where you want to ask those questions. There are many different types of assessments, but to do most of them, you need to start with questions. Salty Cloud can pre-populate your instance of ISORA Isora GRC with all of the questions you need if you want to do certain types of typical assessments. But if you want to do your own unique assessments, you'll need to start with questions first.
Because the number of questions can get unwieldy, there are several ways that ISORA Isora GRC groups them together to make them easier to work with. Question categories provide a way to organize questions into a hierarchy. The categories used are driven by the types of assessments being done. For example, the "campus-wide risk assessment" category could include a sub-category "physical security." Because one question can lead to another, questions support a parent-child relationship, so depending on the answer given to question A, another question B can be included in a survey. For example, if a user answers yes to "Does the system require password authentication?" they might be asked "Do passwords need to be changed every 90 days?" Questions are further grouped into question lists, so when you finally create an assessment, all of the questions needed are pulled together in one place.
To make assessments fully customizable, ISORA Isora GRC also allows you to customize the potential answers to questions. You can create different answer choices and assign them values for scoring purposes. Each answer choice includes a multiplier for determining how answers will be scored. Then you group them into answer response groups. There are default choices and default response groups. But if you want to get fancy, you can create your own.
...