Episode 7
Data Entry
Identify and Create data in eramba
Introduction
In this phase, you will identify data (Policies, Risks, etc) and upload it to eramba. Is CRUCIAL that you input real data, a system with non-accurate data produces non-accurate information.
On the left panel, click on the "Use Case" you previously selected. Read the documentation and then complete tasks.
Risk Management
Required Learning:
- Asset Management course
- Risk Management course
- Policy Management course
- Internal Controls course
- Project Management course
- Exception Management course
- Online Assessments are optional if you would like to use online questionnaires for Risk identification
Implementation Tasks:
- Identify Risks
- Identify Risk Solutions
- Create Risk Inputs (BUs, Assets, Third Parties, etc.)
- Create Risk Solutions (Policies, Controls, Exceptions & Projects)
- Create Risks
Optionally:
- Use CSV Imports to create Solutions, Inputs and Risks quicker
Compliance
Required Learning:
- Compliance Management course
- Policy Management course
- Internal Controls course
- Project Management course
- Exception Management. course
Implementation Tasks:
- Identify Compliance Requirements
- Create or Use our existing Packages
- Import Compliance Packages
- Optionally, Configure Mappings in between packages
- Identify Compliance Solutions (Policies, Controls, Exceptions & Projects)
- Create Compliance Solutions (Policies, Controls, Exceptions & Projects)
- Associate Solutions with Compliance Requirements
Optionally:
- Use CSV Imports to create Solutions and map them to Compliance Requirements
Incident Management
Required Learning:
- Incident Management course
Implementation Tasks:
Online Assessments
Required Learning:
- Online Assessment course
Implementation Tasks:
- Define your OA questionnaire strategy, this is particularly important as you now need to work on the questionnaires you will send to each audience.
- Create OA questionnaires using Spreadsheets, you can use our templates as inspiration.
- Upload them to the OA module in the Questionnaires tab
- Create a test OA, to test how the questionnaire formatting and logic work out.
- You can use as "OA Recipient" the group you defined for your audience (the Dummy account should be inside that group). As "Assessor" you can use your GRC group.
- Set the OA to "Not Authenticate" so is quicker to test it.
- Review how responses are logged (using the OA or the Main portal) and review, and adjust customisations and the questionaire as needed.
- Test your evaluation and scoring strategy to make sure you have the custom fields you need.
- Repeat the previous steps until your questionnaires work as intended
- Delete all OAs you created to test.
Optionally:
- Use CSV Imports to create OAs
Awareness Programs
Required Learning:
- Awareness Programs course
Implementation Tasks:
- For each one of your audiences, define and create the Awareness Program content
- For each one of your audiences, define Awareness Program Frequency
- Define the number of Awareness Programs needed
- Create Awareness Programs, make sure their settings reflect the definitions made on the previous steps. Also make sure the audience groups have only the dummy account inside.
- For each one of your Awareness programs, test them using the Demo mode. The idea is to make sure content and portal layout suit your needs.
- You can now start each Awareness program. The day after you will receive emails to your dummy account inviting you to complete the training.
- Complete the training following the email instructions, this is a great time to check if the invite email looks ok.
- If there is any modification needed on the awareness program (email, settings, content, etc.), pause the awareness program and update it. When modifications are completed, reset counters
- Once all is tested and all seems good, leave the program in pause mode
Account Reviews
Required Learning:
- Account Reviews course
Implementation Tasks:
- Define the system for which you want to Review Account
- Define how often and what type of Review you wish to Perform
- Create an Account Review, make sure their settings reflect the definitions made on the previous steps. The Owner will be the GRC team group and the Reviewer the group you created on earlier stages.
- After creating the account review, click on the item menu and "Start"
- eramba will perform the first review (and pull if necesary) at midnight
Playlist
- Episode 1The Journey2 mins left
- Episode 2Phases2 mins left
- Episode 3Use Cases3 mins left
- Episode 4Installation or SaaS0 mins left
- Episode 5Access Management5 mins left
- Episode 6Customization5 mins left
- Episode 7Data Entry3 mins left
- Episode 8Reporting1 min left
- Episode 9Automation1 min left
- Episode 10Rollout4 mins left