Configuration steps to filter IT-related data for IT Compliance Home page

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Configuration Steps to Filter IT-Related Data for IT Compliance Home Page

    This document outlines the essential steps for configuring the IT Compliance Home page to filter and display IT-related data for compliance managers. The process involves data segregation, auto-association of related items, and displaying the filtered data effectively in the Compliance Workspace.

    Show full answer Show less

    Key Features

    • GRC Data Segregation: The Functional domain field is added in the Settings tab of all Compliance Workspace forms to classify data as IT-related. Users should set the functional domain to IT risk and compliance.
    • Auto-Association of Segregated Data: When an audit or compliance object is tagged as IT-related, all associated items are automatically recognized as IT-related, ensuring consistent categorization. Configuration of this feature is managed in the GRC Administration section.
    • Manual Tagging for Auto-Association: Users must manually tag certain base forms to facilitate the auto-tagging of child records. This ensures that relationships are maintained even if tags are removed or added.
    • Scheduled Job for Updates: A daily job runs to update relationships and auto-associate child objects with the appropriate functional domain based on user actions.

    Key Outcomes

    By following these configuration steps, IT compliance managers will be able to access a refined view of IT risk and compliance data within the Compliance Workspace. This streamlined display enhances their ability to monitor and manage compliance effectively.

    There are three distinct steps that must be followed to segregate, associate, and display the IT-related data for the IT compliance manager to view in the IT Compliance Home page.

    GRC data segregation

    In all the Compliance Workspace related forms, the Functional domain field is added in the Settings tab to segregate a particular data and classify it as IT related data. The user must add IT risk and compliance as the functional domain.

    Figure 1. Functional domain field
    Functional domain setting.

    The Functional domain field is available in all GRC compliance and audit workspace related forms such as Entity, Control, Control Objective, Policy, Authority document, Citation, Entity type, Entity class, Issue, Indicator, Indicator template, Acknowledgement campaign, Policy exception, Engagement, Test template, Test plan, Issue triage, Observation, Plan, Audit task, Milestone, Evidence request, and Evidence.

    Auto-association of the segregated data

    If an audit or compliance object is identified as IT related, then all the related items associated to this object are also identified as IT related. The Functional domain configuration [sn_grc_functional_domain_configuration] table stores the data registry relationship between the parent object and its related child objects within the IT risk and compliance functional domain.

    For example, if an entity is classified as IT related entity, then all the controls associated to this entity are auto-associated as IT-related controls. The related child object has all the configurations defined such as the parent table, the child table, and the relationship between the two.

    As a system admin, you can define this configuration by navigating to GRC Administration > Functional domains > Domain inheritance. User must manually add the tag, functional domain, in the base forms such as Policy, Authority document, Entity type, Entity class, Entity, Plan, Engagement for auto-tagging the child records. When a parent table is tagged with a particular functional domain, and if the user removes the tag from one of its child records, then the removed tag is not added during auto-association. Similarly, if the user manually adds a tag, then the added tag is not removed during auto-association. The GRC functional domain user action [sn_grc_functional_domain_user_action] table captures and stores all manual actions of the user in the Functional domain field of the record that belong to a particular table in the respective functional domain.

    For more information on setting up auto-tagging, see the IT Compliance Workspace – Setup and Configurations for auto-tagging [KB1124058] article in the Now Support Knowledge Base.

    Figure 2. Functional domain configuration
    Functional domain configuration.

    A scheduled daily job (GRCObjectsFunctionalDomainChanges) runs and gathers the user's manual actions recorded in the table to read these relationships, auto-associate the child object to IT risk and compliance functional domain, and auto-populate the record in the related item of the parent table.

    For more information on the tables used for IT compliance workspace, see Components installed with Policy and Compliance Management.

    Display segregated data to IT compliance manager in IT Compliance Home page

    The IT compliance manager is the user who can access the IT risk and compliance data in the Compliance Workspace. In the List view of the Compliance Workspace, there is a filter that restricts the display of all audit and compliance data but refines to display only the IT risk and compliance data. The filter uses the Functional domain field in the all the audit and compliance related base forms to filter and display the IT related data in the Compliance Workspace List modules.

    Figure 3. IT risk and compliance data filter
    IT risk and compliance data filter.
    Note:
    An admin or any user with both corporate compliance manager and IT compliance manager roles can view two list modules with the same name.