Typical Project Questions
Projects or Tasks
Imagine you are reviewing compliance against a SOC2 list of requirements and you quickly identify that for many requirements your organisation does not have any mitigation.
In this situation, you have two options:
- Create one project for every compliance requirement where no mitigation exists.
- Create one project for all compliance requirements where no mitigation exists, then add tasks inside that project for every requirement.
We typically advise creating the smallest number of projects in order to keep things simple in eramba, particularly if you have a small team.
Improvements
Imagine you are doing ISO 27001 compliance and you identify that for requirement 5.1.1 the mitigating Internal Control in eramba is not "enough". It is in this type of situation, where improvements are required, that we advise you to associate projects.
Risks Treatment
In eramba we always aim to reflect the reality of "today". We sometimes see people creating a risk, setting its treatment option to "Mitigate" and setting a Project as the treatment item.
Based on our Problems & Solutions approach (review that episode until you understand it), we cannot say that we are "Mitigating" a risk when all we have is a project in the future. It would be different if you also included Controls and Policies on that same risk; then the approach would be "we have something, but we need something else".
Playlist
- Episode 1: Introduction to the Project Module
- Episode 2: Problem vs. Solution Principle
- Episode 3: Project Module Associations
- Episode 4: Typical Project Questions
- Episode 5: Identifying Projects
- Episode 6: Creating Projects
- Episode 7: Reviewing Projects and Tasks