Episode 7
Data Entry
Identify and Create data in eramba
Introduction
In this phase, you will identify data (Policies, Risks, etc) and upload it to eramba. Is CRUCIAL that you input real data, a system with non-accurate data produces non-accurate information.
On the left panel, click on the "Use Case" you previously selected. Read the documentation and then complete tasks.
Risk Management
Required Learning:
- Asset Management course
- Risk Management course
- Policy Management course
- Internal Controls course
- Project Management course
- Exception Management course
- Online Assessments are optional if you would like to use online questionnaires for Risk identification
Implementation Tasks:
- Identify Risks
- Identify Risk Solutions
- Create Risk Inputs (BUs, Assets, Third Parties, etc.)
- Create Risk Solutions (Policies, Controls, Exceptions & Projects)
- Create Risks
Optionally:
- Use CSV Imports to create Solutions, Inputs and Risks quicker
Compliance
Required Learning:
- Compliance Management course
- Policy Management course
- Internal Controls course
- Project Management course
- Exception Management. course
Implementation Tasks:
- Identify Compliance Requirements
- Create or Use our existing Packages
- Import Compliance Packages
- Optionally, Configure Mappings in between packages
- Identify Compliance Solutions (Policies, Controls, Exceptions & Projects)
- Create Compliance Solutions (Policies, Controls, Exceptions & Projects)
- Associate Solutions with Compliance Requirements
Optionally:
- Use CSV Imports to create Solutions and map them to Compliance Requirements
Incident Management
Required Learning:
- Incident Management course
Implementation Tasks:
Online Assessments
Required Learning:
- Online Assessment course
Implementation Tasks:
- Make sure you have defined a Questionaire strategy for each audience.
- Create OA questionnaires or use our templates as inspiration.
- Import them to the OA module
- Create a test OA, In order to test how the questionnaire formatting and logic work out create a "Test" OA.
- As "OA Recipient" use the group you defined for your audience (a Dummy account should be inside that group). As "Assessor" use your GRC group.
- Set the OA to "Not Authenticate" to speed up testing.
- Optionally asociate items (Assets, Third Parties, Business Units, etc) to your OAs (you might need to create these items).
- Access the OA using the portal and complete the questionaire with dummy responses
- Review responses
- Test your evaluation and scoring strategy to make sure you have the custom fields you need.
- Optionally, create "Test" findings and asociate them to your OAs.
- Repeat the previous steps until your questionnaires work as intended and you feel comfortable using OAs.
- Delete all test OAs
Awareness Programs
Required Learning:
- Awareness Programs course
Implementation Tasks:
- For each one of your audiences, define and create the Awareness Program content
- For each one of your audiences, define Awareness Program Frequency
- Define the number of Awareness Programs needed
- Create Awareness Programs, make sure their settings reflect the definitions made on the previous steps. Also make sure the audience groups have only the dummy account inside.
- For each one of your Awareness programs, test them using the Demo mode. The idea is to make sure content and portal layout suit your needs.
- You can now start each Awareness program. The day after you will receive emails to your dummy account inviting you to complete the training.
- Complete the training following the email instructions, this is a great time to check if the invite email looks ok.
- If there is any modification needed on the awareness program (email, settings, content, etc.), pause the awareness program and update it. When modifications are completed, reset counters
- Once all is tested and all seems good, leave the program in pause mode
Account Reviews
Required Learning:
- Account Reviews course
Implementation Tasks:
- Define the system for which you want to Review Account
- Define how often and what type of Review you wish to Perform
- Create an Account Review, make sure their settings reflect the definitions made on the previous steps. The Owner will be the GRC team group and the Reviewer the group you created on earlier stages.
- After creating the account review, click on the item menu and "Start"
- eramba will perform the first review (and pull if necesary) at midnight
Playlist
- Episode 1The Journey2 mins left
- Episode 2Phases2 mins left
- Episode 3Use Cases3 mins left
- Episode 4Installation or SaaS0 mins left
- Episode 5Access Management5 mins left
- Episode 6Customization5 mins left
- Episode 7Data Entry3 mins left
- Episode 8Reporting1 min left
- Episode 9Automation2 mins left
- Episode 10Rollout3 mins left