Ivanti Neurons for GRC Workflow Diagrams

These workflows demonstrate the various features offered by Ivanti Neurons for GRC.

GRC Audit

An Audit is a scheduled review of compliance related to an industry standard, such as ISO 20071:2013 or key Configuration Items (infrastructure, supporting services, and/or collateral). Audits can be scheduled on a recurring basis and Actions (example: Preventative and Corrective) can be associated with Audit activities.

1	Required fields include: Name, Details, Source, Type, Priority, Level of Effort, and Lead Auditor.
2	When an Approval is Denied or Approved, the Approval Block ID is cleared. This removes the Approval tab so Approval History is not tracked.

Policy

Policies are used to create policy documents and track related Controls. The following graphic shows a Policy workflow.

1	Review Date field modified.
2	Current information is copied to the new record.

Authorization Document

Use an Authorization Document to define a set of Controls (individual requirements for specific areas of security) that align to industry standards, such as ISO 20071:2013. The following graphic shows an Authorization Document workflow.

Compliance Corrective and Preventative Actions

A Compliance Corrective Action is used to record and track reactive actions taken to ensure compliance of a policy or Control. You can create a Corrective Action directly from an Audit. A Compliance Preventative Action is used to record and track proactive actions taken to ensure compliance of a policy or Control. You can create a Preventative Action directly from an Audit. The following graphic shows a Corrective/Preventative Action workflow.

GRC Risk Assessment

Complete a Risk Assessment by answering a set of questions that are weighted using a classification scale driven by Table Management. The following graphic shows a Risk Assessment record workflow: