I’m sure you also have to deal with security sign-off issues on an almost daily basis.
Can you map this with Eramba and how?
What does your workflow look like? (with Eramba)
I often have such requests where I have to make a decision from a security perspective. I still document this using Word in a file share. It would be ideal if this could be done in Eramba, for example. But how?
Do you have any solutions with Eramba?
Sign-Off
Formal procedure for the approval and acceptance of security aspects in IT projects or systems
Security assessment: Analysis of security requirements and potential risks.
Recommendations: Specific security recommendations are formulated based on the assessment.
Stakeholder approval: Relevant stakeholders review and approve the security measures.
Documentation: The entire process, including assessments, recommendations and approvals, is documented.
Follow-up: The implementation of the agreed safety measures is monitored and checked.
Regards, Andreas
I went through in-person training recently. The sign-off workflow is through the “comment” function, which captures the sign-off decision. I am not sure whether the “new” UX, which is scheduled to be released in summer, will make the workflow better.
I have implemented other GRC tools in the past; there are pros and cons to how Eramba handles the workflow. The pro of such a simple “manual” workflow is that it allows maximum flexibility. The GRC manager is the one who must have a clear head about what is required and document accordingly. The con is the consistency and accountability, as well as the data capturing, of the workflow.
The truth is that I haven’t seen any GRC tool that can handle the workflow well, unless you would like to use very expensive tools which operate the GRC tasks like a tech ticketing system. In my opinion, it is overkill. The simple manual comment update to capture approval in Eramba is like requesting approval via email and then documenting the approval in your work log. It is probably as effective as asking the CEO or CRO to log in to the GRC tool to figure out how to “sign-off”.
My first eramba reply-post. I hope you find it helpful.
It is very important that you read the documentation until you understand how eramba works; this will take 4-5 hours as a minimum. Without this basic knowledge it will be impossible to understand what eramba does and how.
The particular question is answered here: Policy Management, but you need much more context than this specific article to understand how eramba works.