Getting Started with Isora GRC

What is Isora GRC?

Isora GRC is an information security risk assessment and inventory control application. It can be used to conduct targeted risk assessments that assess compliance with specific laws and regulations such as GLBA 314.4(b), FERPA, HIPAA, SOX, DFARS and GDPR. It can also be used to conduct organization-wide risk assessments against cyber-security frameworks such as NIST 800-53, NIST 800-171, NIST CSF, ISO/IEC, ITIL and COBIT.

Who should read this document?

Anyone responsible for filling out surveys as part of a risk assessment.

What if I need to do more with Isora GRC?

Administrators of Isora GRC should read the Isora GRC Administrator’s Guide, in addition to this User’s Guide.

General Work-flow for Users: Org Unit Surveys

Org Unit Assessments include surveys for each Organizational Unit (OU) included in the assessment.


General Work-flow for Users: App Surveys

Each Application Assessment has just one survey, which is filled out by a member of the OU that owns the application.

Your Ongoing Assessments

After logging in to Isora GRC, you will be presented with a list of assessments for which you have some responsibility. These assessments will be displayed similarly to the one shown below.

The number of hosts and unit questions completed is listed here so that you can quickly see how far along an assessment is. The status (e.g. “in progress”) of each step is listed here as well.

Next: Process for completing org unit assessments

Or you may want to look at: Process for completing app assessments