GRC Indicators real time examples

tanaji · ‎12-19-2018

Please send me the real time examples for indicators

Chris Smith4 · ‎12-20-2018

Some additional context to your question would help determine which specific examples you would benefit from.

In general, your GRC indicators continuously monitor for Controls or Risks. You would establish your indicator criteria that sets which field it monitors and what supporting data it needs to collect to determine if the indicator passes or fails. You also set the schedule that the indicator executes on and related it to events that can generate a task or other actions when the conditions are met.

An example:

You have a Registered Risk regarding "Loss of Confidentiality"
You set up an indicator linked to that Registered Risk that monitors the status of configuration items (CI), and the indicator is set to Fail if it detects a CI with a status of "Stolen" or "Absent"
If the status of "Stolen" or "Absent" is detected, the Indicator Results record for that Risk will reflect the Failed status, showing there is an active Risk related to "Loss of Confidentiality" for the identified CI. This can then be displayed in a dashboard report, or fire events such as notifications to send, task generation, etc.

Ashik3 · ‎12-20-2018

Hi Tanaji,

As Chris Mentioned, GRC indicators continuously monitor for Controls or Risk.

For eg : you have an ''Access control'' policy in place from NIST regulation for which you have a control to check 'Stale User login- Disable inactive users after 3 months '.

You can use an indicator here against the control , This indicator would automatically checks your user table (sys_user). your indicator will fail if it find any user record that is still active and last logon is greater than 3 months.

Another eg Could be Approvals are required in change management process. You can run an indicator on change table to see if any change surpassed approval.

BR,
Ashik

tanaji · ‎12-26-2018

I have seen there are OOB indicators are populated once we will activate the plugin for GRC. But this is not the case for personal dev instance. Do you have idea how to get those OOB indicators ?

Chris Smith4 · ‎12-26-2018

When you activate the GRC plugin, will you be including Performance Analytics? This will include OOB indicators. The GRC Suite without Performance Analytics only comes with Indicator Templates OOB, I believe.

You can load the Performance Analytics plugin in your personal dev instance by going to Manage Instance -> Action -> Activate plugin , then select Performance Analytics. Once that plugin is activated, you can look at the existing OOB indicators and see if Performance Analytics contains the ones you were looking for.