Overview of Isora GRC for Users

What is Isora GRC?

Isora GRC is an information security risk assessment and inventory control application. It can be used to conduct targeted risk assessments to assess compliance with specific laws and regulations such as: GLBA 314.4(b), FERPA, HIPAA, SOX, DFARS and GDPR. It can also be used to conduct organization-wide risk assessments against cyber-security frameworks such as: NIST 800-53, NIST 800-171, NIST CSF, ISO/IEC, ITIL and COBIT.

Who should read this document?

Anyone responsible for filling out surveys as part of a risk assessment.

General Workflow for Users: Org Unit Surveys

Org Unit Assessments include surveys for each Organizational Unit (OU) included in the assessment.

General Workflow for Users: App Surveys

Application Assessments have just one survey and they are filled out by a member of the OU that owns the application.

General Workflow for Users: Vendor Assessments

Vendor assessments consist of just one survey to be completed by a representative from a vendor.


Your Ongoing Assessments

After logging in to Isora GRC, you may be presented with a list of assessments for which you have some responsibility. These assessments will be displayed similarly to the one shown below.

The number of hosts and unit questions completed is listed here so that you can quickly see how far along an assessment is. The status (e.g. “in progress”) of each step is listed here as well.

Alternatively, when you log in, you may be taken directly to the Host Categorization Wizard. Whether you see the wizard or the assessments page depends on a number of factors.

Managing Your Own Hosts

In some organizations, ordinary users are responsible for managing inventory data about hosts in Isora GRC. For more information about how to do this, see https://saltycloud.atlassian.net/wiki/spaces/TES/pages/1275464339 .


See also: https://saltycloud.atlassian.net/wiki/spaces/TES/pages/1275464120 and https://saltycloud.atlassian.net/wiki/spaces/TES/pages/1275464294 .