Where did recurrence for controls disappear to?
Is still there, it works in a slightly different way
release 3.12.0 changed the old way, we are updating the documentation portal , by end of the month we will complete that
@kisero Can you shortly outline how it’s supposed to work? The documentation seems still to be outdated.
We have to create a lot of controls in the next couple of weeks for our ISO 27001 certification process.
As far as I understood, the maintenance schedule repeats yearly. For a weekly schedule do I really have to create 52 items? How can I set a maintenance each monday, as the weekdays will change next year with a yearly recurrence?
yes, doc is being updated now with the new portal sorry for that.
in the meantime the old doc explains why weekly (or daily) audits is not something we encourage, review this link pls:
if you still want to do this then yes, you need to do 52 clicks!
Would a potential alternate solution here to load up a CSV file via the import? On the pro side, it’d be faster to import, on the con side, it won’t schedule future iterations?
a dutch customer is doing automated audits and they api’s their audit records into eramba automatically, i think they did it every second day and the result was pass or failed.
audit and monitoring are indeed a thin line. who audits the monitor? another script? audits exist in my view to be executed by humans who check what the machine is doing (which ultimately was dictated by another human trough code, releases, change management, etc). human is the key here.
I understand that Eramba does not aim to be a monitoring solution. But according to our building security policy, we have to check if the building’s CCTV recordings are still working. This task is executed by a human, checking if the recordings of last week are all there. Therefore I would like to schedule a weekly Maintenance, so the task owner gets an email and can do the checkmark on success to verify if we are still compliant to our policy. That’s what Eramba is for, isn’t it?
yes , and you can do it if you click 52 times.
now a piece of advice you did not ask for but might come handy to the wider audience:
testing a control in a weekly bases, assuming it takes one hour, that is 52 hours times 30 eur an hour, that is 1500 eur a year. That is one control of an average 100 any given organisation no matter the size will have. assuming this policy continues to other controls, you are looking at 100k + / year only on testing time.
lets add to that the time it takes to review 50 policies (say one hour, every year), that is another 1500 eur and 50 risks (which will take a lot longer than an hour, say three) that is another 1500 eur.
is that feasible?
writing policies is easy, paying for them, not.
Sorry, clicking 52 times every year is not what I would call user-friendly. Can we please have the weekly and monthly recurrences back again?
no, we are not changing this
why would you click 52 times , “every year” ? Audits are set for any given calendar year, this means you click 52 times once.
Yes, you’re right. I don’t have to click it every year - only if I want to have it on a specific weekday.
Now a piece of advice you did not ask for but might come handy in the future: As someone who did customer suppport for more than 20 years, I can tell you that no one ever won an argument with a customer.
This is a community not a for profit business. We have earn the privilege to work with whom we want so if we do not like working with someone we simply do not renew their license.
FAQ: FAQ | Eramba
The community software (which is free and open) costs money and that needs to be paid somehow. We sell an enterprise software version (which is paid and open) to raise sufficient funds every year to cover the entire project cost (salaries, offices, etc).
Eramba has never operated as a standard business that tries to make more money every year, nothing wrong with that of course, we just built this project with the goal of developing an ideal (well, in our view) lifestyle where we value our freedom and time. Having built this on our free time a decade ago, being frugal with our expenses, being very flexible and quick on making decision has allows us being 10-20 cheaper than the competition and that means: we don’t have debts, no-one owns us, we dont need sales targets, conversion targets, budget targets, sales teams, marketing teams, Etc. We just don’t need them.
While our pricing is cheap and somewhat static, every year we complete 30-40 releases making the software better and better. Over the years, our asset which is the software and the community get better and better while the pricing remains the same. More value, same cost.
Despite (in the past) some experts have called us naive, this model has allowed us to grow organically, develop a worldwide community of tens of thousands, get global recognition by Gartner, etc. We have been running these way since 2012 and are happy to continue for as long as it goes!
no-one here cares here about “wining” or “loosing”, this is not a competition with trophies. this is a community of professionals.