Compliance-> Exception Requests

Exception Requests are a new feature under development. Expect additional functionality coming soon.

What is compliance?

Compliance refers to a set of features within Isora GRC that will help you to establish and maintain conformity with an established policy or set of policies within your environment. The overall goal of using Isora GRC is typically to achieve compliance with regulatory protocols that are relevant to your institution.

Exception Requests

Exception requests refer to a request to allow a given asset to remain in violation of an established policy. IT staff, assessment managers and OU heads can all create, view and delete exception requests for their OUs. Superusers can create and view, edit or delete all exception requests. Exception requests must be linked to at least one asset.

Currently, exception requests only apply to host assets. There is no way to view associated exception requests from the host itself.

Exception Request Types

Your instance of Isora GRC is most likely initially configured with a default set of exception request types. This set is used to populate a drop-down pick-list for selecting the exception request type on the dialog to create or edit an exception request.

Screenshot of the Exception Type drop-down picklist

A superuser can edit, remove or add entries to this list using the exceptionrequesttypes API endpoint.

Exception Request Statuses

Whenever a new exception request is created, it is automatically put in the Requested status. The exception request can then be edited to change the status to something else. Your instance of Isora GRC will most likely be configured with a default set of possible exception request statuses. This set populates a drop-down pick-list for selecting a new status on the View/Edit dialog for the exception request.

Screenshot of the View/Edit Exception Request dialog

A superuser can add, edit, or remove entries on this list using the exceptionrequeststatus API endpoint.