Working With Questions
On the Settings page, in the Setup area under Question Configuration, you can use the Questions tab to view and work with individual questions. Like everything in the Setup area, only superusers can view and edit questions. The default view will likely be many pages long. You may find it more useful to view questions using the tree view.
With the tree view, questions are displayed grouped by their categories.
How to Populate Isora GRC With Questions
If you’re using a known framework, SaltyCloud will pre-populate your instance of Isora GRC with a number of objects, including default questions, to help you implement assessments using that framework. You can also create your own questions and upload them one at a time, or using a CSV. You could also download the existing questions, modify them, and re-upload them.
Question Fields
Each line of a questions CSV file represents one question with the fields outlined in the table below. The fields allow you to determine how the question will look, where it shows up (under what category), what type of answers are allowed, how much information is required, and how the answers will be scored.
Field number | Field name | Required | Explanation |
1 | text | yes | the question itself This field supports Markdown formatting. Please visit https://www.markdownguide.org/cheat-sheet/ for a quick reference to Markdown. |
2 | parent | no | the text of the parent question; this field is blank if it has no parent question |
3 | category | yes- if no parent | the category it belongs in; if the question has a parent, then leave this field blank and it inherits the category of the parent question |
4 | explanation required | no | Under what circumstances does the answer require an explanation? r = if answer is favorable; u = if answer is unfavorable; a = always; n = never |
5 | show if parent | no | y = if the answer to the parent question is favorable, then show this question (default); n = if the answer to the parent question is unfavorable, then show this question. |
6 | weight* | no | c = critical; h = high; m = medium (default); l = low; i = informational |
7 | allow explanation | no | true = allow users to type in an explanation; false (default) = no explanation allowed (does not override the “explanation required” field) |
8 | help text | no | text that will be displayed as help text for the question (recommended) This field supports Markdown formatting. Please visit https://www.markdownguide.org/cheat-sheet/ for a quick reference to Markdown. |
9 | answer response group | yes | the name of the answer response group for this question |
10 | documentation required | no | f = required when favorable only; u = required when unfavorable only; a = always required; n (default) = never required |
11 | allow documentation | no | true = allow documentation upload; false (default) = do not allow documentation upload (does not override the “documentation required” field) |
Weight Value
The weight value is used to calculate the score for the completed assessment. The multiplier for the selected answer will be multiplied by the question’s weight value to determine the score for the question. The survey score is the cumulative total for all questions in that survey. The respective weight values are summarized in the table below.
Weight | Value |
critical | 10 |
high | 7.5 |
medium | 5 |
low | 2.5 |
informational | 0 |
To add a single new question to Isora GRC, you can use the “add a new question” box.
Each question must have either a category, or a parent, but not both. Some fields are only relevant based on how you answer other fields. If the field is irrelevant, then it is ignored. For instance, if you manually enter a question with no parent, then the “show if parent” field is ignored.
Allowing users to upload documentation
You may wish to allow users to upload documentation to support their answer. This documentation will be stored in the cloud and later you can retrieve it when you view the completed assessment. You can choose under what circumstances users are allowed to or required to supply documentation.
Formatting Questions with Markdown
Both the text of the question itself and the help text field support Markdown formatting. Markdown is a lightweight markup language that allows you to add some formatting like numbered lists or include a link to a URL. For more information about Markdown, please visit https://www.markdownguide.org/cheat-sheet/ .
Revision Log
Each time you edit a question, you can’t just overwrite the old question, because it might have already been used in a survey that was run in the past. If a question does have revisions, Isora GRC will keep track of which version of it was used in each survey that included it.
Each time you change an existing question, you are required to record an entry in the change log.
Editing Questions in an Ongoing (Running) Assessment
When you edit a question, by default, it won’t impact any running assessments. This is because questions are snapshotted every time a new assessment gets created. This is import for maintaining the integrity of assessment data. If you edit any aspect of a question (including the question itself, the answer response group, weight value, etc) and you want those edits to impact active surveys in a running assessment, then you need to update the snapshot for that assessment. If you update snapshots for the assessment, then ALL changes that have been made to any included questions will get pulled into the snapshot for that assessment, and any impacted portions of the assessment will be unlocked and have to be reviewed.
See also: https://saltycloud.atlassian.net/wiki/spaces/TES/pages/1901035533
Once an assessment has been completed and finalized, you can no longer make any changes. If you realize that you have an erroneous question in a survey that was already finalized, then you will have to create a new assessment using the new version of the question and start over.
See also: https://saltycloud.atlassian.net/wiki/spaces/TES/pages/1275463670