How Ivanti Neurons for GRC Works

This is a high-level overview of how you can use this software. The steps and order vary depending on your organization's approach and requirements for risk and compliance management.

Neurons for GRC Workflow

1.After you apply the software package, import Citations and Controls. You can manually create them, but we recommend you utilize the import for consistency and ease of entry. You'll need Citations and Controls in the system before you can link them to Authority Documents.

2.Create Authority Documents to link to Citations and Controls.

3.Create questions and assign Risk Values, Question Impact, and Question Sequence to use the Risk Assessment form. Risk Mitigation Questions and Threat Analysis Questions populate the Risk Assessment.

4.Create Policies to track related Controls.

5.Create Risks to manage potential problems.

6.Create Mitigation Plans to use with other Neurons for GRC Business Objects to ensure compliance with Audits, Risks, Citations, and Controls.

7.Create Exceptions to gain approval for non-compliance with an Audit or Policy.

8.Create a Risk Assessment to discover, correct, or prevent security problems.

9.Create Audits for scheduled review of compliance related to an industry standard such as ISO 20071:2013 or key Configuration Items (infrastructure, supporting services, or collateral). Auditors can request evidence to support Audit findings.

10.Manually create Controls and Citations and link Citations to Controls.