Information on the GRC design in Jakarta

The new GRC plugin in Jakarta that includes the creation of profiles and profile types enables you to bundle all the logical controls and risks together into a comprehensive profile, and then group similar profiles into a common type. This redesign means you can manage profiles better, and assign profile ownership to someone who can oversee all the related controls, risks, and issues. GRC users can define this structure once, and benefit from modularity and automation of the various components.

For example, if you create profiles for different types of servers (Windows, SQL, Oracle, and UNIX), you could create a profile type to bundle these profiles together. When a new server is added in CMDB Server table, a new profile will be created automatically and would be added to your profile type. In the older system, you would have to create control manually for these servers each time a new server is added to the list. With the new GRC design, you can automate creation of controls by applying a policy/policy statement to a profile type that will create controls for each server/profile, including the new profile that is generated later.

With the new design, you can create only one indicator task/control test for each control as opposed to creating a single task. That might seem like too much work in some cases where you want just one task. However, in other cases where your controls can be unique to your server/profile, it might be more useful. You might want to test each control in light of the server/profile that you are testing, and want to test it individually and provide unique result, which can now easily be done. The creation of control tests and indicators is automated so you do not have to manually create them.

The following product documentation topics describe the GRC features and the migration process from the legacy plugin:

Governance, Risk, and Compliance (GRC)

Migrate from Legacy GRC

Article Information

Last Updated:2017-11-20 15:22:28