Question - Linking risks to compliance packages items

Is it possible to link risks to compliance items, for example linking a particular risk to the ISO 27002 control objective A9.2.3 - Management of privileged access rights?



You can do it through the Compliance Analysis section. Click on the Edit action from your objective/compliance item and fill in the Compliance Drivers tab:


Thanks, I tried that now. Is there a way to then see the links between the risk and the compliance control item? I don’t see it in either the risk system report item or the control system report item.


The easy way to exploit this information is through the filters functionality. You can create a new filter on the risks or controls section and select the “show in result” options of the Compliance Analysis section:

Is there a way to include such info in a report as well? I tried but I don’t see the Compliance related fields in the Asset Risk item report.

In Controls you have the “Related Compliance Items” chart, but I can see that this is not available in the Risk section. Maybe it’s a good idea to suggest that eramba include this chart on the roadmap.

What you can do now (I don’t know if it fits your use case) is to include a filter that contains this information on the report.


Yes I thought of using the filter, but it needs to be contextual, as in it needs to only list the compliance related items for that particular risk that is being reported on.
Good suggestions for the feature request, thanks!

Actually there is no way, on an item report, to see that relation.

1/ The table widget does not include foreign tables like compliance.

We need to review the core sections and make sure the related core sections are listed there so you can pull a simple table with those relations.

2/ The tree chart could include a branch “Compliance Items” and list the related items “Compliance Package Name - Compliance Package Item ID”.

I think #2 would be simpler to implement, but we’ll see.


I’m also interested in a similar type of report. Basically as shown in the screenshot you attached, I’d like to see a report where I can see a specific compliance item on the far left of the image and then see everything else related just like in your screenshot.
I was just searching the forum on how to create this type of report when I found this thread.