Indicator Tasks or Attestations or else?

Matthias Ferstl · ‎02-26-2025

Hello Community,

First, I’m new to GRC and I’d like to say “hello,” but unfortunately, I’m not only here to exchange pleasantries ;).

My client needs a solution to speed up the evaluation of indicator tasks, and I would like to take this opportunity to hear your experiences and thoughts. Let’s assume there are 100 entities of type A1 with Owner A and 100 entities of type B with Owner B, and so on…

Now, for Owner A, it should be checked whether his 100 entities of type A1 are compliant. My first thought was to solve this with a common control, but there is the additional requirement that I should rate 99 entities as compliant if one is not compliant.

Screenshot 2025-02-26 175408.png

This means I need a very flexible group creation. Or the creation of 100 individual tasks, which then have to be evaluated individually (which is exactly what the customer wants to avoid).

Alternatively, I could use attestations, as they are currently not being used. Now to the collective intelligence: What would be an elegant solution for you?

Kind regards!

Mat

Please mark answers (not only mine) as helpful if they were
and "accepted solutions"This motivates others to take part, post solutions and find answers. Thanks! - Mat

Community Alums · ‎02-26-2025

Hi @Matthias Ferstl ,

I would go with Control Attestations and if any control is not Complaint, the automated issue which gets created should be assigned to the Entity owner.

View solution in original post

Community Alums · ‎02-26-2025

Hi @Matthias Ferstl ,

I would go with Control Attestations and if any control is not Complaint, the automated issue which gets created should be assigned to the Entity owner.

Community Alums · ‎02-27-2025

Hi @Matthias Ferstl ,