Governance, Risk, and Compliance - Data segregation

Brad Fleming
Tera Contributor

We are planning to use GRC for IT and non-IT (i.e., environmental) risk and compliance.  We are a single service provider with a dedicated instance, & no domain separation.  Within GRC do we have the ability to restrict visibility to data that mimics domain separation?  For example, Users within ABC department/groups only see IT related risk and compliance dashboards/reports/data, and Users within XYZ department/groups only see non-IT related risk and compliance data?

1 ACCEPTED SOLUTION

The question related to implementing something similar to domain separation for the different teams. Using the confidentiality tags achieves the same as that: you cannot see the records if you do not belong to the correct group 🙂

6 REPLIES

SanjivMeher
Kilo Patron

We had similar requirements. But OOB there is no solution. I am not sure if they have it in their future roadmap, but you should check with your sales rep.

You may need to make changes to the ACL based on the entity associated with the control to implement this kind of restriction.


Please mark this response as correct or helpful if it assisted you with your question.

Thank you for your insight, Sanjiv, much appreciated!

Sebastien Fix
Giga Guru

@Sebastien Fix I think the confidentiality tags are more like marking a particular record as confidential. Not for different compliance teams.

And Functional domains are to segregate data, but not to restrict users from seeing each other's data.

But these fields may be used to build the functionality.

