Overview of Isora GRC for Administrators
The purpose of Isora GRC is to conduct assessments against organizational units, inventory, applications and vendors. Before assessments can be performed, you need to put data about your organization and your inventory into Isora GRC. Then you create lists of questions about the organizational units and lists
of inventory items to be classified. You can pull from existing lists of questions and/or create your own custom questions. When you create a new assessment, these questions will be compiled into surveys which are targeted to specific organizational units.
When the assessment is pushed out to the organization, specific people within each organizational unit will be responsible for answering the questions and marking the survey as complete. The person who is ultimately responsible for signing off on the survey is called the organizational unit head. Once all surveys have been marked complete, the entire assessment is considered to be complete.
Over time, you will likely run the same assessments on a regular, scheduled basis. Isora GRC’s report feature allows you to generate simple charts showing trends across multiple instances of an assessment.
Figure 1-1 General Workflow with Isora GRC
In some cases, administrators are not directly responsible for host-level inventory information. This is particularly likely in large-scale environments. It may be the case that Isora GRC administrators are directly responsible only for those hosts that are directly used by their organizational unit; and others within the larger organization are responsible for the majority of hosts. In that case, an alternative workflow may be used:
Figure 1-2 Alternative Workflow with Isora GRC