Feature - opensourcegrc.org (wikipedia of grc)

hm, no “missing” here.
But I’ve just seen in the health check that there is a NOK for read-write permissions of the tmp-folder. Might this be the issue? I’ll check asap.

Edit: checked after giving permissions: same issue. I’ll investigate again tomorrow, too many other issues with other systems at the moment…

:frowning:

Let us know over support!!! Good luck Fabian!! Happy new year!!

We have in mind a landing page like this:

[Image: landing (4)]

  • The top corner describes the logged-in user (this is different if the user is not logged in, probably the same but inviting them to create an account)
  • We have three columns:
    • The first has a dropdown with all available compliance packages. The user selects one compliance package and the column is shown … if that package has other compliance packages, a second dropdown is available … the same with a third. When the first package is selected, the list of possible controls and policies is also loaded.
    • The second column has recommended internal controls that are linked to the main compliance package
    • The third recommended policies that are linked to the main compliance package
  • A user can download with CSV:
    • the full table (compliance, controls and policies) where control and policies are only titles
    • the table with the full controls or policies, in this case they download all its details

A mouse over on a control or policy opens a dialog with the details of the control and the possibility to download it as a CSV

Mouse over a compliance package shows details too:

The question of how content is created on the system: by using web forms, a bit like eramba has, where the following can be uploaded:

  • compliance packages
  • mapping of compliance packages
  • controls
  • policies (documents)

We will begin by providing forms for controls and policies. Compliance Packages and mappings will come later on. The following fields must be available for the user in each case:

Controls:

  • title
  • objective
  • testing methodology (audit_metric_description)
  • testing success criteria (audit_success_criteria)
  • tags (are they used for the search engine in eramba user interface? if yes, then yes)

Documents:

  • Title
  • Short Description
  • Document Type
  • Content

The problem with documents is the content; we want that to be part of what the users upload to this web and therefore we need a powerful WYSIWYG (no media content allowed). This editor will need to allow users to download this content in Word format (or compatible).

Users will need a way to suggest changes on existing policies, controls, mappings, etc:

  • Something new (a policy, etc)
  • Change something (a correction)
  • Delete something which is wrong

Each case will need to be handled differently. No idea how yet. Users will also need a way to make comments on items. It seems like items can have suggestions and comments attached to them and they should be down as a list. Wikipedia splits “talks” (comments) from “articles changes” … but the UX is hard to follow at least for me:

New layout, we include “tabs”, the landing by default falls on the “Compliance” tab

Policies, Internal Controls have the same layout

Hello,

Update for this week, we completed the main framework for the portal, database schema is there and basic relationships too. We loaded the system with a dummy database to have a sense of its usability.

[Image: screencast 2020-05-05 12-44-17]

We worked a lot on mappings too, a genuine pain in the ass! But we got where we wanted with a base of mappings which we think are useful:

Today we will include:

  • sorting
  • filters
  • a few fixes on UX

Next week we’ll start with account and role management; that will be the launching point for item versioning / comments / discussions, a vital functionality of a Wikipedia-style portal.

Stay tuned!

821 days after coming up with this idea while I was in south Norway doing some customer stuff, I think we can finally call this project a solid beta.

User management, approvals, emails, functional testing, security testing, T&C’s, privacy, basic content seems all there and even integration with eramba works … so it is now time to use it and start that even slower process of maturing it at the expense of users’ frustrations :slight_smile:

I’ll drop an email to the people that registered to let them know about this update.

Many thanks and let’s hope this brings some sort of value to the community.

Exactly.

Related question: If Eramba is your only source of truth, do you use policies as attachments or via the online editor?

###edit###
Sorry, my quote went missing, I was referring to this sentence:

In our use case, we use eramba as the single source of truth and try to avoid linking to external systems to reduce complexity.

Online Editor.