Program Module - What is it for?

There is a module in eramba under the name of “Program” that is never mentioned on the documentation, the reason being that it was a mistake we don’t like to talk about. Is pretty usual situation in life, at least at my advanced age.

Some 15+ years ago (today is 2025) eramba was built because we had to meet the newly published ISO 27k standard (the 2005 and 2013 edition, both outdated by the 2022 version). This program module was used to meet some of the ISO 27001 requirements.

  • Scope Module: ISO 4.3 requires you to document a scope, the idea is you can do that here. Since most people would do that as part of some document that would typically be documented in the Policy module this feature so little use.

  • Program Issues: SO 4.1 (and some other ISO non-certifiable standards) requires you to determine organisational issues with the hope you will out of that prioirity what needs to be done. As with 4.3, this is also typically in some document managed on the Policy module.

  • Goals: ISO 6.1 talks about “Objectives”, the light at the end of the tunnel sort of thing. Same as the previous two, most would document them in a document and manage that on the Policy module.

  • Team Roles: ISO 5.3 talks about roles, etc. Who does what within the ISMS. As the previous documents this is managed on the Policy module.

So the general idea is:

  • This was built for ISO people, but long ago we decided to keep eramba as a tool for GRC rather than specificily ISO (many reasons that would put a bear to sleep until we finish explaining them).
  • This modules are easily replaced by documentes in the Policy module

The one slight exception is the Goals (Objectives) module which it is kind of useful because it allows you to link objectives (just text with promises) to different objects such as controls, risks, etc. Since these related objects can be “measured” in terms of maturity (reviews, audits, etc) you can actually sort of tell if the objective is met or not over time.

Since we use dynamic statuses to measure the performance you can pull some overtime charts that describe if over time your objectives where met or not.

We might someday make out of this something better, in particular the goals module, but for the time being we are busy doing more urgent things.

2 Likes