This is a bit of a mess, we readily agree with that, and we need to sort it out. We have three things in eramba that are used to describe:
- Project - how we are fixing a problem
- Issue or Finding - a problem
- Exception - a problem we decided to live with
We don't seem to disagree that the three need to exist, but we do think:
- Issues and Findings (which we will call "Findings" or "Issues") will be expanded to the same sections "Projects" cover, they will be called "Issues", and you will be able to link them to items in that section.
- Sections will include "Issues" filters and notifications (the same as "Findings" have now); an item with an open "Issue" will be tagged in red as "With Issues" until the issue is "Closed".
- You will attach them to one or more items in that section; how that is done depends on the section.
Since they are everywhere, you want one place to look at them all at once. For that reason we'll create a new section under Security Operations where all "Issues" from all sections will be shown to you; this will help you answer "What problems do we have?" at a glance. The section will allow you to:
- edit them
- filter all of them at once; you will get the chance to list one or two fields from the item section they relate to
- trigger notifications (against the status and date)
- initially you won't be able to create new "Issues" there (as that is done in each section), but it is likely that in the future you will be able to
We are also thinking of merging all exceptions into one section under Control Catalogue… but we'll work on that only once we conclude the findings stuff.
Side note: these are the current relationships for projects, findings, exceptions and issues:
Currently Projects link to:
- Program / Goals
- Risk Management / Asset Risk Management
- Risk Management / Third Party Risk Management
- Risk Management / Business Risk Management
- Control Catalogue / Security Service
- Control Catalogue / Security Service / Audits
- Control Catalogue / Security Policy
- Compliance Management / Compliance Analysis / Item
- Asset Management / Data Flow Analysis / Flow
Filters on these sections don't really tell you easily which projects are active against them; filters on these sections need to include a tab called "Projects" with the following filter options:
- Project Name
- Start Date
- End Date
- Owner
- Completion %
- Status (drop down with: completed, ongoing, etc.)
- Status (drop down with: Ok, Project Expired, Improvement Project Expired, Improvement Project with Expired Tasks, etc.)
- Planned Budget
- Actual Budget
Issues are linked to:
- Control Catalogue / Security Service / Audits
We need to migrate this to the new "Issues" schema defined above; the status "Control with Issues" remains, as the new issues have that built in.
Findings are linked to:
- Compliance Management / Vendor Assessments
- Security Operations / Account Reviews
These two need to be merged and expanded to all other sections as described above; they will be called "Issues".
Exceptions are linked to:
- Risk Management / Asset Risk Management
- Risk Management / Third Party Risk Management
- Risk Management / Business Risk Management
- Control Catalogue / Security Policy
- Compliance Management / Compliance Analysis / Item
These all need to be merged and put together under "Control Catalogue".
Internal ref: https://github.com/eramba/eramba_v2/issues/1313