Object Definitions
...
To get the most out of ZenGRC, it is imperative that you have a solid understanding of its basic object definitions. Later we will provide a Style Guide in which you establish how you want your content to appear within ZenGRC. For that guide to be effective, however, you must first understand the criteria below.
Program
The program is the highest-tier object within ZenGRC. Programs are typically standardized, industry-wide compliance guidelines issued by large authoritative sources. In ZenGRC, a program contains all objects related to one authoritative source. Programs are often made up of directives (regulations, contracts, clauses, standards, policies, or sections), objectives and controls, assets, risks, and so on. Each of these object types can be mapped to its respective program within ZenGRC. Examples of typical programs are PCI, FedRAMP, HIPAA, and SOC 2, but because ZenGRC is not tied to a fixed set of frameworks, any program can be set up in minutes. The Audit functionality of ZenGRC is often used on Programs to assess the effectiveness of the controls and objectives put in place to maintain compliance with a specific Program.
Directives
Regulations - An authoritative source (e.g. ISO 27001, SOX, FISMA)
...
Section - A portion of a Regulation, Policy, or Standard object
Objectives/Controls
Because both objectives and controls describe how compliance requirements are met, the two objects are often confused in ZenGRC. It is up to you to decide where to draw the line between controls and objectives. Below, we offer our definitions of the two objects.
...
Requests - An audit task that requires a response, usually with evidence attached
Other ZenGRC Objects:
People - Individual ZenGRC users or company stakeholders
Org Groups - A team or department
Vendors - A company that provides products or services
Access Groups - An object to manage edit levels for a collection of users (beta)
Systems - A company's physical asset
Processes - A series of actions or steps
Data Assets - Information that requires protection, such as a user list
Products - A service or product delivered to customers; closely related to Systems
Projects - A planned set of tasks to be executed over a fixed period
Facilities - A building or business location
Markets - An area where products or services are sold
Feature Definitions
System of Record
ZenGRC's system-of-record keeps track of your compliance posture and compliance universe. Its interface lets you customize object attributes without development effort and map many-to-many relationships between all of the objects that matter to your company.
Workflow
The workflow feature enables you to complete typical compliance-related tasks such as document requests. Because workflows are flexible, they can also be used to manage the tasks of any project or process within the scope of your business operations. Workflows can be set up to recur at varying frequencies such as daily, weekly, monthly, quarterly, or annually. A workflow can be broken into smaller task groups; within a task group, specific tasks/requests are created and assigned to individual ZenGRC users. Objects can be mapped to task groups, and each task can be assigned to a specific person. Please view our other video on workflows for an advanced tutorial.
Audit
Our Audit module allows for 3 use cases:
...
Reporting
1) Downloadable reports - .csv exports that you can use to pull any piece of information from your system-of-record
...