DRAFT: Glossary of Terms


Definition / Usage


Definition / Usage


Process of signing off a survey or part of a survey.


An object stored in app inventory and belonging to exactly one org unit; usually these refer to software applications or some combination of hardware/software, may consist of multiple products working together as a system; may refer to an internally developed product. Can be assessed as an individual target.


Process of asking questions about a specific target or set of targets; exists within a series, consists of one or more surveys and potentially may include data enrichment (host categorization) as part of the survey(s).

Assessment Series

Organizational bucket containing assessments with the same target type, usually done for the same purpose and often on the same target(s) repeatedly.

Asset Enrichment

This is part of a survey where attributes about a certain target are gathered. Currently there are two supported types of data enrichment- 1) host categorization as part of an organizational survey; this is the part of the survey where host assets are classified based on the type of data they contain; and 2) app classification as part of an app survey. When the attributes are gathered they have two impacts- 1) the answer is part of the survey results; 2) the attributes on the underlying object are updated to reflect any changes made.

Deployment- App

An association between an app in inventory with a host also in inventory.

Deployment- Vendor Product

An association between a vendor product in inventory with an org unit; has data classification associated with it.


An object stored in host inventory on a sheet which is owned by exactly one org unit; typically these are IP-based networked assets. They are classified based on the type of data they contain and can be assessed via “data enrichment” within a host categorization part of an organizational survey.

Host Categorization

The part of an organizational survey where host assets are classified based on the type of data they contain.


Objects managed within Isora GRC; have three distinct types- Hosts, Apps and Vendor Products.


A location is an object representing a specific physical place where a host asset may reside. Locations must be fully qualified, consisting of a site, building, floor and room. Only superusers can create and edit locations.

Organizational Unit (Org Unit; OU)

Basic entity of ownership or designation; usually these represent groups of people or departments but it could represent anything you care about assessing. Roles (permissions) are on a per-OU basis.


A method for assigning capabilities or permissions pertaining to a particular OU.


The most basic part of an assessment; a list of questions targeting one specific object.


The entity being assessed / questioned by a survey.

Unit Questions

The part of an organizational survey with questions targeting the org unit itself.

Vendor Product

A type of inventory used to represent 3rd-party products. Unlike other inventory types, no one specifically “owns” vendor products.