Implementation Roadmap

Introduction

In this phase of the implementation, you will undertake essential steps that are vital for the successful deployment of Eramba. These tasks focus on establishing groups, managing user accounts, and configuring permissions

On the left panel, click on the "Use Case" you previously selected. Read the documentation and then complete tasks.

Risk

Required Learning:

• User Interface course
• Access Management course

In addition, complete the trainings that apply to your use case:

• Risk Management course

Implementation Tasks:

• Create a Group for the GRC Team
• Create User Accounts for GRC Team Members, assign them both the “Admin” group and the newly created GRC Team group. Ensure they are only allowed access to the “Main” portal.
• Create a Dummy Account for Testing. Assign this user to the “No Permissions” group (so it has no access for now)
• Log Out from the Admin Account
• Use Your Own Account Moving Forward
• Identify Departments that will interact with eramba in Your Organization
• Create Groups for Each Department

Remember: Any item created in Eramba (risks, controls, etc.) will always be assigned to groups, not individual user accounts.

Compliance

Required Learning:

• User Interface course
• Access Management course

In addition, complete the trainings that apply to your use case:

• Compliance Management Course

Implementation Tasks:

• Create a Group for the GRC Team
• Create User Accounts for GRC Team Members, assign them both the “Admin” group and the newly created GRC Team group. Ensure they are only allowed access to the “Main” portal.
• Create a Dummy Account for Testing. Assign this user to the “No Permissions” group (so it has no access for now)
• Log Out from the Admin Account
• Use Your Own Account Moving Forward
• Identify Departments that will interact with eramba in Your Organization
• Create Groups for Each Department

Remember: Any item created in Eramba (risks, controls, etc.) will always be assigned to groups, not individual user accounts.

Data Privacy

Required Learning:

• User Interface course
• Access Management course

In addition, complete the trainings that apply to your use case:

• Data Privacy Course

Implementation Tasks:

• Create a Group for the GRC Team
• Create User Accounts for GRC Team Members, assign them both the “Admin” group and the newly created GRC Team group. Ensure they are only allowed access to the “Main” portal.
• Create a Dummy Account for Testing. Assign this user to the “No Permissions” group (so it has no access for now)
• Log Out from the Admin Account
• Use Your Own Account Moving Forward
• Identify Departments that will interact with eramba in Your Organization
• Create Groups for Each Department

Remember: Any item created in Eramba (risks, controls, etc.) will always be assigned to groups, not individual user accounts.

Awareness

Required Learning:

• Access Management course

In addition, complete the trainings that apply to your use case:

• Awareness Programs course

Implementation Tasks:

• Create a Group for the GRC team
• Create a User Account for each member of the GRC team, ensure they are members of the "Admin" group AND whatever you call your GRC group. Make sure they are allowed the "Main" and "Awareness" portal.
• Create a Dummy Account to test functionalities, and make it a member of the "No Permissions" group for now, in terms of Portals allow the "Awareness Portal"
• Logout from the Admin account
• From now on, log in with your account instead of Admin
• Identify the Audiences for your Awareness Programs
• Create one group in eramba for each audience, these might or not be the same as the ones identified in the previous general use case.
• Assign your dummy account to each group created in the previous step, we'll use this to test your awareness programs before you put them in production. Follow Awareness Programs guidelines for the dummy account.
• Enable Awareness Portal

Online Assessments

Required Learning:

• Access Management course

In addition, complete the trainings that apply to your use case:

• User Interface course
• Online Assessment course

Implementation Tasks:

• Create a Group for the GRC team
• Create a User Account for each member of the GRC team, ensure they are members of the "Admin" group AND whatever you call your GRC group. Make sure they are allowed the "Main" and "Awareness" portal.
• Create a Dummy Account to test functionalities, and make it a member of the "No Permissions" group for now, in terms of Portals allow the "Awareness Portal"
• Logout from the Admin account
• From now on, log in with your account instead of Admin
• Enable OA Portal
• Identify Your OA Audience, determine who will be participating in Online Assessments (e.g., Vendors, Internal Departments, Business Units, etc.).
• Create a Group for Each Identified Audience (e.g., SaaS Vendors, Consulting Suppliers, Internal Risk Assessments, etc.).
• Assign Your Dummy Account to Each OA Group. This dummy account will be used for testing purposes

Account Reviews

Required Learning:

• Access Management course

In addition, complete the trainings that apply to your use case:

• User Interface course
• Online Assessment course

Implementation Tasks:

• Create a Group for the GRC team
• Create a User Account for each member of the GRC team, ensure they are members of the "Admin" group AND whatever you call your GRC group. Make sure they are allowed the "Main" and "Online Assessment" portals.
• Create a Dummy Account to test functionalities, and make it a member of the "No Permissions" group for now. Make sure the account is a member of the "Account Review" portal alone.
• Logout from the Admin account
• From now on, log in with your account instead of Admin
• Identify a system within your organization that requires account review, and designate a team responsible for conducting the review for that system.
• Create a group for the team you identified in the previous step
• Assign your dummy account to the group you created on the previous step
• Enable the Account Review Portal