Versions Compared

Old Version 18

changes.mady.by.user Laura McWilliams

Saved on

compared with

New Version Current

changes.mady.by.user Laura McWilliams

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This page contains information about the roles and capabilities of each account in Isora GRC.

...

Each person defined to Isora GRC can be associated with one or more organizational units (OUs). For each OU a person is involved with, the person has a role within the OU. The following table summarizes the capabilities of each role.

Role

Capabilities (for a given Organizational Unit)

Organizational Unit Head

Can final acknowledge an org unit survey; can see all completed organizational assessments (including those of child OUs); can answer survey questions; can view shared completed vendor assessments from other OUs; can view, edit risk scores for their OU

Assessment Manager

Can launch surveys; can view completed assessments and answer survey questions; can delegate OU questions (and add users via delegation) and assign hosts to users; can view all permissions and assign permissions to other users, can edit sheets; can create, launch and acknowledge app assessments; can create, launch, acknowledge and view vendor assessments; can view shared completed vendor assessments from other OUs; can create vendor products; can create/edit product deployments for their OU

IT Staff

Can view reports and answer survey questions; can assign hosts to users (and add users to Isora GRC via delegation); can edit sheets; can create, edit, launch, acknowledge and view vendor assessments; can view shared completed vendor assessments from other OUs; can create vendor products; can create/edit product deployments for their OU

Vendor Requestor

Can create, edit, launch, acknowledge and view their own vendor assessments for their OU only; can view shared completed vendor assessments from other OUs; can create vendor products

Risk Assessor*

Can view, create and edit risk register entries for their OU

Risk Auditor*

Can view risk register entries for their OU

User

Can view and create exception requests for their OU, for hosts that they are Owners, Users and/or IT Contacts for

Auditor

Has read-only access to everything for the given OU (NOTE: The auditor role is under development)

(no role assigned)

Can do categorization of hosts that belong to them; can answer any unit questions that have been delegated to them; can create sheets and edit sheets that belong to them (irrespective of organizational unit); can answer questions about apps which they own; can view completed shared vendor assessments

Guest (this is not a role in Isora GRC, but a person who is accessing a vendor survey via shared link)

Can view and answer questions on a vendor survey; can acknowledge a vendor survey

...