This list of frequently asked questions (FAQ) will help answer commonly asked questions for the ZenGRC application.
For help at any time, please contact support@reciprocitylabs.com.
ASSESSMENTS
During audit creation, controls are added in Step 2: Scope. Then assessments are automatically generated for those controls when you complete Step 5: Review. On that page, you will see how many assessments will be generated after you click Start Audit. See Creating an Audit. If you need to add an assessment after audit creation, complete the following steps:
This can happen if the request is not mapped to the control in Step 4 of Audit Creation. If this occurs, you can correct it by completing the following steps:
No. Assessments are meant for controls and are only automatically generated for them when the audit is started. If an assessment or a request is added through import, there is no auto-generation. However, if you add a request and map it to a control that already has an assessment, the request will show up on the mapped assessment.
AUDITS
Here are some instructions for changing any field in an existing, active audit:
If there is still a step to complete when the due date passes, such as the outside auditor verifying the evidence, ZenGRC recognizes it as overdue. If you don't want your statuses to say overdue, update the Due On date to reflect the actual day that evidence verification can take place.
There are several ways to update a field for multiple items at once. To change the dates on evidence requests in bulk, complete the following steps:
If requests are imported without being mapped to an audit, you will see them by clicking System of Record | Requests. They will not be added to any audit unless the requests are mapped to an audit.
COMPLIANCE DASHBOARD
They indicate the number of days the issue has been open.
CONTROLS
The first step is to set a meeting to discuss what you'd like to accomplish. We may either guide you on how to do the work directly or offer a professional services quote should the work fall outside the current contract. It all depends on the volume of work and time needed to accomplish it. Please contact us at support@reciprocitylabs.com.
Our mapping structure is as follows: Program --> Standard --> Section --> Objective --> Control. If your controls are mapped to objectives and a program, but they're missing the in-between mappings to standards and sections, it breaks the ZenGRC structure and makes the controls appear unmapped to the program within the Audit function. Since each program is unique, please contact us at support@reciprocitylabs.com for additional support.
DATA EXPORT
ZenGRC supports downloading files from the application in CSV format only. At this time there is no PDF download option from Data Export. Print to PDF options are available from Dashboards.
EVIDENCE STORAGE
Backend storage is required when using ZenGRC storage for evidence collection (vs. using hyperlinks to link to evidence stored in an external system). For the on-premises install, we provide a service that runs alongside the main ZenGRC application and enables ZenGRC storage to store evidence files directly to the filesystem. ZenGRC requires persistent storage for an on-prem install (e.g., configuration files, log files, data files for the database), aside from the requirements for evidence collection. We recommend at least 50GB of available space on the filesystem where ZenGRC is installed to have a safe margin.
Please see Editing Overall Audit Details in the Managing Audits documentation.
ZenGRC allows you to connect to different storage solutions at once, but it does not migrate content. If it's necessary to migrate documents from one to another, please contact your IT department.
Not at this time. One reason is that SharePoint is generally for organization-wide document and file collaboration, while evidence storage is used to store sensitive data that is not shared throughout a company. SharePoint does have the ability to link to a OneDrive file when referring to evidence. This is the preferred method of using SharePoint with ZenGRC. For additional questions and answers on evidence storage, please see ZenGRC Storage Security FAQs.
EVIDENCE REQUESTS
The DRL template is found on Step 4: Setting up Audit Requests. For instructions, see Step 3: Setting up Audit Requests with additional formatting tips under Data Import.
Upload the DRL in the same step where you downloaded the template. See Step 3: Setting up Audit Requests. If you've already created your audit and need to add additional requests, please follow these steps:
This accesses Step 4: Setting Up Audit Requests. See Step 4: Setting Up Audit RequestsGenerating Assessments.
To delete duplicated requests, complete the following steps:
To turn off recurring requests, complete the following steps:
Select Never; then Save.
IMPORTING TEMPLATES
For frequently asked questions about importing data, please see Import/Export FAQ.
JIRA INTEGRATIONS
Please see the information under Jira Connector.
ZenGRC tracks every Jira issue mapped to the audit (by default these are epics, but you can set other Jira issue types for audits). Issues created in Jira and mapped to epics will be visible in ZenGRC as well.
The current integration does not allow Jira to write to ZenGRC. We only pull data from Jira to display in ZenGRC.
Technically, there is no sync. The data is pulled each time.
No fields are changed inside ZenGRC.
Evidence files are stored in Jira (and so are comments or any other attributes of a request which is linked to Jira). When you open a request, ZenGRC pulls data from Jira.
ZenGRC instances have dynamic IPs, so you need to update your firewall configuration by looking up the IP for the hostname of your instance (i.e., https://[yourdomain].zengrc.com). For additional information, please see IP Whitelisting. Another option, though less common, is to open your Jira instance to the range of IP addresses that are part of the Amazon AWS US-east and US-west regions. If you have questions about this, please contact support@reciprocitylabs.com.
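The hostname lookup described above can be turned into a repeatable drift check. This is an added example, not ZenGRC's own tooling: the function names, the sample allowlist and the offline resolver are assumptions, and the addresses are constructed from documentation ranges.

```python
import ipaddress
import socket


def resolve_host(hostname, port=443):
    """Return the set of IP addresses the hostname resolves to right now."""
    infos = socket.getaddrinfo(hostname, port, proto=socket.IPPROTO_TCP)
    return {ipaddress.ip_address(info[4][0]) for info in infos}


def allowlist_drift(hostname, allowlist, resolver=resolve_host):
    """Compare firewall allowlist entries with the host's current addresses.

    Returns (to_add, stale): addresses that resolve now but match no entry,
    and entries that no longer match any resolved address.
    """
    networks = [ipaddress.ip_network(e, strict=False) for e in allowlist]
    current = resolver(hostname)
    to_add = sorted(
        (ip for ip in current if not any(ip in net for net in networks)),
        key=lambda ip: (ip.version, int(ip)),
    )
    stale = [str(net) for net in networks
             if not any(ip in net for ip in current)]
    return [str(ip) for ip in to_add], stale


# Constructed sample data (documentation address ranges, not real ZenGRC IPs).
SAMPLE_ALLOWLIST = ["203.0.113.25/32", "192.0.2.10/32"]


def sample_resolver(hostname):
    """Stand-in for DNS so the example runs offline."""
    return {ipaddress.ip_address("203.0.113.25"),
            ipaddress.ip_address("198.51.100.7")}


def demo():
    # "yourdomain.zengrc.com" is the page's placeholder hostname.
    return allowlist_drift("yourdomain.zengrc.com", SAMPLE_ALLOWLIST,
                           sample_resolver)


if __name__ == "__main__":
    to_add, stale = demo()
    print("add to firewall:", to_add)
    print("remove from firewall:", stale)
```

Removing stale entries matters as much as adding new ones: an address the instance no longer uses stays open in the firewall to whoever holds it next.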
You will need to update your Jira configuration by following the guide under Add Issues in Configuring ZenGRC with Jira Software Cloud.
NOTIFICATIONS
After assignees submit evidence, they cease receiving email on that request/task/assessment. If their evidence is rejected, they will begin receiving a daily email until it is submitted again.
Notifications don't actually go out until the morning after an audit is activated. However, you can force them to be sent by adding a specific string to the end of your URL. Append /_notifications/send_todays_digest to your ZenGRC instance URL, so that the link looks similar to http://[yourdomain].zengrc.com/_notifications/send_todays_digest. This will send out notifications to everyone in the application who is assigned a task, request or assessment. You may also want to check your settings to ensure they're set up as expected. For assistance with notifications, please see the Configuring Email Settings documentation. In addition, to simply display an overall digest of assignments without sending emails, use the following URL: https://[yourdomain].zengrc.com/_notifications/show_todays_digest.
Yes. Please see Configuring Email Settings.
PERMISSIONS
User accounts are not deleted in ZenGRC but rather set to No Access. The purpose behind this methodology is to maintain an audit trail for all user actions, even though they may no longer have access.
You can change your password by signing out and choosing the reset option, see below:
PROGRAMS
After we import the programs that your organization selected, there are still a few things to do before starting an audit.
If you have a control associated with two programs, the deleted program will be removed, but the control itself will not be deleted (only the mapping). Just be sure to delete the Program via the Program menu in the application, not through import.
QUESTIONNAIRES/SURVEYS
Yes, we're happy to say Please see Configuring Email Settings.
Answers cannot be deleted at this time. If we receive multiple requests for the same feature, we evaluate the validity and place it on our roadmap.
Yes, edits will not impact previously received responses.
PEOPLE/ROLES
They should be assigned the Contributor role and added to the Audit Manager field for the specific audit. See Adding and Removing Users. This gives them access to the specified audit and allows you to assign assessments to them in the audit set up wizard. See Step 4: Generating Assessments. If you don't want to give external auditors access to the entire audit, you can skip assigning them as audit manager in the audit and bulk assign assessments to them. They won't have access to anything else in the application but will see everything they need in the audit, such as the text of the controls and objectives on the assessment card. To bulk assign assessments, complete the following steps:
RISK HEATMAP
Those dropdown options only populate when the following are true:
STORAGE
Please see Evidence Storage in this document.
TO-DO LIST
The To-Do List and relevant items are only visible to individual users. However, an admin may view those items by doing the following:
VENDORS
Users can create and send out questionnaires on any object, not just vendors. For more information, please see Questionnaires.
All users can view the Vendors tab in the left-hand navigation. On click, Readers can see (read) everything; Contributors, meanwhile, need to be assigned to specific attribute fields on an individual vendor object to see the vendor. Users with Contributor access must be added to the Owners field to view a vendor.