0
21.0.1
Zurich, Yokohama Patch 6, Xanadu Patch 9
GRC Feature roles provide access to individual Integrated Risk Management (IRM) capabilities, instead of granting access to the entire IRM feature set. This approach allows for granular access to specific functionalities, such as Compliance Library, Policy Management, and Control Attestations and Monitoring. It also enables precise control over what is shared with non-IRM products.
Non-IRM users can perform the following actions when assigned appropriate feature roles:
- Library and Control feature set:
-
- Create and manage library objects such as authority documents, citations, and control objectives.
- Associate entity and entity types to control objectives and generate controls.
- Manage control workflows, monitor controls effectively using attestations and indicators, and generate issues.
- Policy feature set:
- Create and manage policies and the policy lifecycle.
- Create policy acknowledgements and policy exceptions.
- Audit feature set:
- Create and manage engagements, activities, and scoping entities within those engagements. This role also provides access to a lite version of audit workspace.
- Evidence feature set
- Create and manage evidence requests, collection details, and evidence responses.
New
- Granular access to individual IRM features through newly introduced GRC Feature roles.
- GRC Feature roles available for specific capabilities such as Compliance Library, Policy Management, Control attestations, and Monitoring.
- Support for non-IRM products such as Privacy Management and AI Control Tower with feature-specific access restrictions using GRC Feature roles.
Permissions and roles:
- To install the application, you require the System Administrator (admin) role.