Project Management

Manage proactive and reactive improvements to your GRC program - long

  • Episodes: 7
  • Duration: 17m 16s
  • Languages: EN
Episode 4

Typical Project Questions

Projects or Tasks

Imagine you are reviewing compliance against a SOC2 list of requirements and you quickly identify that for many requirements your organisation does not have any mitigation.

In this situation, you have two options:

  • Create one project for every compliance requirement where no mitigation exists.
  • Create one project for all compliance requirements where no mitigation exists, then add tasks inside that project for every requirement.

We typically advise creating the smallest number of projects in order to keep things simple in eramba, in particular if you have a small team.

Improvements

Imagine you are doing ISO 27001 compliance and you identify that for requirement 5.1.1 the mitigating Internal Control in eramba is not "enough". It is in this type of situation, where improvements are required, that we advise you to associate projects.

Risk Treatment

In eramba we always look at reflecting the reality of "today". We sometimes see people creating a risk, setting its treatment option to "Mitigate" and setting a Project as its only treatment item.

Based on our Problems & Solutions approach (review the episode until you understand it) we cannot say that we are "Mitigating" a risk when all we have is a project in the future. It would be different if you also associate Controls and Policies with that same risk; then the approach would be "we have something, but we need something else".