Entities in GRC
An entity is a person, process, department, application, or other object whose compliance exposure is tracked in GRC. Each entity has an owner, so non-compliant items and their owners can be identified individually.
- An entity class groups entities by category, such as Financial or Location, and associates that category with a tier.
- An entity type uses filter conditions to identify which source records are set to entities. For example, all records where Category = Financial and Criticality = High.
- An entity tier assigns a criticality level to entity classes. For example, Tier 1 for critical items and Tier 2 for standard items.
Once these constructs are in place, GRC generates entities automatically when a matching source record is created.
To understand how these constructs work together, consider the following example. Your organization wants to track compliance across its critical financial systems. First, create an entity tier called Tier 1 to represent high-criticality items. Then create an entity class called Financial and associate it with Tier 1. Next, create an entity type called Critical Financial Systems with a filter that matches records where Category = Financial and Criticality = High. When a source record matching that filter is created, GRC automatically generates an entity, assigns it the Financial class, and surfaces it in the Tier 1 view. If one system fails an audit, only that system's entity and its owner are held accountable. The other systems are unaffected.
Entities can also be related to each other. An entity with child entities has downstream entities. An entity with parent entities has upstream entities.
Entity name and owner synchronization
When a source record linked to an entity filter is created, an entity is automatically generated in GRC. If the source record name or owner changes after the entity is created, the entity name and owner can update to match the source record.
You can control this synchronization at the entity level using the Sync entity name and entity owner with source record check box. When selected, the Name and Owner fields are set to read-only and stay in synchronization with the source record. Clearing the check box enables you to manually override the entity name and owner.
- Frequency of syncing the entity name and entity owner with the source record: determines how often the job runs. Options are daily, weekly, or monthly.
- Maximum batch size while syncing the entity name and entity owner with the source record: controls the number of records processed in each batch.
Entity classes
For more information, see Entity classes.
Entity class rules
Entity class rules help to assign classes to the entities at the table level. Any new entity created on the table gets that entity class automatically. Entity classes are used to tag your entities.
When you create an entity over a specific table, the class associated with that table automatically gets assigned to the entity. You can set a new entity class rule for a table.
For more information, see Entity class rules.
Entity types
An entity type is a grouping of entities that is based on filtering. Entity types enable you to find and create entities that match a set of filter conditions. Hierarchy can be created within the entity classes.
Entity types also enable you to create risks and controls for each entity without spending much time. For example, an organization can have multiple departments, such as finance, HR, or IT. All these departments can be considered as entities and can be grouped under the entity type called Departments.
For more information, see Entity types.
Entity tiers
For more information, see Entity tiers.