Customizable Picklist Label Values
Host Values
The following are the default Isora GRC host picklist label values. If these should need to change for your organization, reach out to support@saltycloud.com with the values that work for your organization.
Classification: Confidential, Protected, Published, Unknown, surplus
Categories (within Confidential): Health, Ferpa, Financial, ssn, research, Critical to unit, Critical to org
Priority: Normal, Important, critical
System Type: Personal, Laptop, Desktop, Server, Video, security, Printer, Phone, Classroom, AV, infrastructure
How are they used?
These labels are used when categorizing host assets in the inventory, or when you perform host categorization during an assessment.
In the following example, a host is confidential and it has data that falls under the ferpa, ssn and financial categories. It has critical priority and it's a server type of system.
App Values
The following are the default Isora GRC app picklist label values. If these should need to change for your organization, reach out to support@saltycloud.com with the values that work for your organization.
Classification: Confidential, Protected, Published, Unknown, surplus
Categories (within Confidential): critical to organization, critical to unit, ferpa, financial, health, research, ssn
Priority: normal, important / non-critical, critical
App Deployment Environment: Production, Development (App Deployments are optional and the field is unnamed. It is customarily used for an environment label but you could put anything in this drop-down).
How are they used?
These labels are used when categorizing app assets in inventory, and the classification and categories are also specified when you perform an app assessment.
In the following example, an app is classified as confidential and it has data that falls under the health and financial categories. It has important/ non-critical priority.
Vendor Product Deployment Values
The following are the default Isora GRC vendor product deployment picklist label values. If these should need to change for your organization, reach out to support@saltycloud.com with the values that work for your organization.
Classification: Confidential, Protected, Published, Unknown, surplus
Categories (within Confidential): Health, Ferpa, Financial, ssn, research, Critical to unit, Critical to org
In the following example, a production environment vendor product is classified as confidential with information that’s critical to the organization. Note that deployments also have a Scope drop-down, but that one is not customizable.
Vendor Product Picklist Values
The following are the default Isora GRC vendor product picklist label values. If these should need to change for your organization, reach out to support@saltycloud.com with the values that work for your organization.
Vendor Verticals: Default Category -
Classroom / AV Technology Services
Collaboration Services
Customer Relationship / Support Services
Cybersecurity Services
Database Services
Document Management Services
Donor / Development Services
Email Services
Event Management Services
Financial Services
Identity / Access Management Services
Infrastructure as a Service (IaaS)
Networking Services
Print Services
Research Management Services
Storage Services
Student Information Management Services
Survey Services
Telecommunications / Voice Services
Web Hosting Services
There is an alternative default list of vendor verticals that is also being provided on an as-requested basis. It is based on the verticals used by the HecVAT tool from Educause (See also: https://www.educause.edu/ ). The alternative list is more exhaustive and is broken down into several categories.
How are they used?
The vendor vertical label is used when you create a vendor product entry within Isora GRC’s inventory. This value is not determined by vendor assessment. You can only choose one vertical for each vendor product.
See also: Customizing Isora GRC