Isora GRC - Assessing Child Org Units

All parents want to know how their children’s risk affects their own. From co-signing on a loan to driving habits. The same is true at institutions, it could be how child org units are protecting sensitive data on servers at rest and in transit; and how their risk affects the broader organizational risk. The ‘include child org units’ option in reports allow Isora GRC administrators to see into those scenarios.

If you have not already seen this new feature (it has been out for a few months now), users can now include children in the calculations and risk scores shown in completed assessment reports.

To view this feature, go to Reports and choose the report for the org unit you are interested in.

The following is the result of a mockup report:

Now, click on ‘include child org units’ link next to the org unit’s name, and the page will refresh with all of the data rolled-up to include the children of the top level org unit you are viewing.

Notice the difference between the two reports The calculations show different numbers: to include child org units in the risk and zscores; hosts are shown because the child org units included inventory categorization; the questions include the children’s scores; and the riskmap calculations include the child org units answers.

In all, this feature allows a user to understand how children org units affect the risk score of the parent.