The Assessment Page

The Assessment page is the primary entry point for all Isora GRC users. A superuser can view the state of all current and completed assessments, launch surveys and even complete them. Other users only see portions of assessments that impact them.

Active (ongoing) assessments are listed on the Open tab.

Depending on the target type, assessments will look somewhat different from each other. Presently, the only supported target types are Org Unit, App and Vendor.

Organizational Assessments

Organizational (org unit) assessments are structured around the concept of the Organizational Unit. When you create an assessment, you choose which OUs to include. A survey will be created for each one. The survey includes both unit-level questions and host categorization. If no sheets are assigned to an OU, then that survey will consist solely of unit-level questions, with an empty host categorization section. When you view the assessment on the assessment page, each assessment is broken down into the surveys it is comprised of.

App Assessments

An app assessment consists of a single survey for one single app. The survey has two parts- questions and classification. Unlike an organizational assessment, which may include many host classifications, the app survey just has one overall classification question, which applies to the app itself.

You can only view existing assessments or launch surveys with the assessment page. To create a new assessment or to edit an existing one, superusers should use the settings page.

Vendor Assessments

Vendor assessments are used to assess products provided by third-party vendors. They are associated with the organizational unit requesting the assessment, but can be made viewable by other OUs.