...

Not directly. The data you store in ZenGRC Storage is visible only in ZenGRC. To retrieve a document, navigate to the object where it's attached.

How do I share stored data with users outside of Zen?

There are two approaches to this. First, you may grant external users access to your ZenGRC application (following your relevant access control procedures). Second, the Audit Dashboard provides a convenient way to download a zip file of evidence, which can then be provided to your external auditors.

How is my data protected in ZenGRC Storage?

...

Data availability, durability, and recovery are provided by the underlying S3 storage system, which performs checks for data durability. Data durability is a feature of AWS designed to obviate the need for manual backups, providing durability and availability above 99%. Details of these can be found in AWS documentation.

How does access control work?

Restrictions

Access to ZenGRC Storage is controlled by the ZenGRC application. If a user has access to an object in ZenGRC (such as an evidence Request), they have access to any files attached to that object. 

Logging & Monitoring

Changes to ZenGRC objects are logged in the ZenGRC Events log. This includes updates such as metadata changes, as well as attaching evidence (files). Individual object history is visible to anyone with at least Reader permissions to that object, while Administrators have access to the system-wide event log.

Does anybody at Reciprocity have access to my ZenGRC Storage?

Yes. Your Customer Success Manager and GRC Expert may have access, since they are often granted access to your ZenGRC application. You can remove this access if you wish, by updating their permissions.

Reciprocity DevOps also has access to files in your ZenGRC storage, as they administer the AWS and S3 platforms. You cannot remove this access if you use cloud-hosted ZenGRC. These DevOps users are trained on proper access procedures and policies, which include only accessing customer data in the course of troubleshooting or required maintenance duties.

Access Control Diagram

[Image: Access Control Diagram]