Good afternoon. I am evaluating using Eramba as our first step into GRC tooling as our current ISMS is entirely SharePoint-based. We currently have 10 ISO and other compliance frameworks across our ISMS, so I’m interested in how Eramba can support additional ISOs not currently in the official list (for example, 9001, 14001, 22301, 20000, 27017/18 etc.). I cannot seem to find reference to any custom controls, or how we can extend Eramba to add new controls and cross-link them with risks and dependencies to create a holistic integrated ISMS as we have in SP now. Many thanks.
I’d suggest going through the online learning portal to get an understanding of how to approach using eramba.
What you’re asking about is related to the Compliance Management module, where you can create “Compliance Packages” (either from templates provided, or you can roll your own). The key concept to understand is the Problems & Solutions paradigm: controls are solutions (things you do), and problems are things to solve with solutions (ISO, compliance frameworks, risks).
You then map your controls to those compliance packages that you’ve created and declare victory accordingly.
On Eramba, any compliance framework you are trying to meet, like ISO 9001, 14001, 27001, NIST, SOC 2, PCI, etc., is what we call a compliance package.
These packages contain the items you need to be compliant with, and those are basically your “problems” that you then need to address with “solutions”.
The cool thing is you can upload whatever compliance package you want. We already have templates for ISO, but you can also create your own, whether that is a company internal regulation or a local government requirement. From there, you simply link those “problems” (compliance requirements) to your “solutions” (policies, internal controls, exceptions or projects).
The internal controls section in Eramba is not where you store the ISO requirements you are trying to be compliant with. Internal controls are the “solutions” your company has.
I would recommend checking out the docs to get a better feel for the overall approach of the “problems” and “solutions”: Compliance Management