Question - Is there an option of a Global Custom field that is shared across modules?


Can we have global custom fields in Eramba?

Use case example:
I have two internal controls. both of them belong to different business lines in my company. Let’s call them:
Internal Control A - BusinessFunc 1
Internal Control B - BusinessFunc 2

I have a compliance requirement to be compliant by ISO27001 but the scope of ISO27001 is only BusinessFunc 1.

Now in my Compliance Analysis Tab. I want to add this restriction that all Compliance Package Items of ISO27001 must have internal controls whose associated business func is 1.

I know that as a Compliance Analyst, i should only select the ones which have BusinessFunc 1 but just to prevent user error. and holistically package this within a “scope” so as to say.

Would that be possible?


Fairly sure that’s how the security permissions are supposed to work. If they aren’t a party associated to the other business function, they shouldn’t be able to see the line item…

I meant as a GRC Analyst.
If I am assessing a compliance requirement that is scoped for businessfunc1 only.
Can i as a GRC Analyst only apply Internal Controls which are owned by that business function?

Because as a GRC Analyst i have complete control over the whole GRC module.

From that perspective.

Business users will use security permissions to have access to their internal controls only that i understand.

If you want a prevent control for this, then I think you’d need two accounts with differing permissions, but that’s probably not great.

From a detect perspective, you should be able to do something with the custom statuses and notifications to let you know if you cross the streams (assuming you have the right fields to compare for that - may have to add some custom ones).

custom fields created in internal controls modules do not appear in the compliance analysis filters or dynamic status. Is this by design or am i missing something?

Image of internal control custom field below:

Custom Status doesnt appear in Compliance Analysis Filter options for internal controls

Custom Status doesnt appear in Compliance Analysis dynamic status options

Hmm. This is interesting. I’m seeing on my instance that custom fields I created a while ago do show up on the Compliance Analysis Add Custom Status page, however, a new one I just created for this doesn’t seem to be doing that. Maybe there’s been a bug introduced on this…

Conceptually, you’ll want to lean on the “Help” page to see where things are related and use the custom statuses to bring things together. For example, how can you flag a control as belonging to a business unit? In theory, you can set a custom status on the BU page for the test “Does BU = Unit1”. Then on the Asset page, you do the same flag, but compare it to the custom field in BU, then you pass it on to the Asset Risk Page, then finally on to the Control page which will let you flag which BU(s) are associated to a control. This of course assumes that you’ve already built out those linkages - of course you can simply make a custom field at the Control level and load it up, it could just get difficult to maintain.

yeah, I thought of that to but yeah it will be difficult to maintain.

if you are able to figure out why the custom fields are not working please let me know.