Creating a Compliance Findings
How to create items on the module
Introduction
In this episode we will explain you how to create a Compliance Analysis Finding. You can create them one by one or using CSV Imports.
Creating a Finding
To create an Compliance Finding, click on “Actions” and then “Add.” (“Import” can be used for importing multiple policies at once.)
A form will then appear. Most of the fields are pretty obvious, but some might not be straightforward, so we’ll cover them in more detail in this guide.
Requestor
Every Compliance Finding has two roles: "Owner" and “Collaborator.” These roles must be assigned to an eramba user or group (System > Settings > User Management). Remember we always recommend using groups for these roles.
- Owner: is typically the GRC person that recevied the finding and has an interest in getting in it fixed
- Collaborator: is the person that has to perform some activity (typically a corrective plan) in order to correct the issue
Start, Closure Date and Status
Findings have two dates (“Due Date”) and status (“Open” and “Closed''), and these two field types are related to each other.
- While a finding is valid (meaning it is still applicable), the “Due Date” should have a value (some date) and the status should be set to “Open”. If the “Due Date” is in the past, the Exception will be automatically applied to an “Expired” status, indicating that the finding should have already been reviewed.
- When an exception is no longer needed, the status should be set to “Closed”.