How Ivanti Neurons for GRC Works
This is a high-level overview of how you can use this software. The steps and order vary depending on your organization's approach and requirements for risk and compliance management.
Neurons for GRC Workflow
1.After you apply the software package, import Citations and Controls. You can manually create them, but we recommend you utilize the import for consistency and ease of entry. You'll need Citations and Controls in the system before you can link them to Authority Documents.
2.Create Authority Documents to link to Citations and Controls.
3.Create questions and assign Risk Values, Question Impact, and Question Sequence to use the Risk Assessment form. Risk Mitigation Questions and Threat Analysis Questions populate the Risk Assessment.
4.Create Policies to track related Controls.
5.Create Risks to manage potential problems.
6.Create Mitigation Plans to use with other Neurons for GRC business objects to ensure compliance with Audits, Risks, Citations, and Controls.
7.Create Exceptions to gain approval for non-compliance with an Audit or Policy.
8.Create a Risk Assessment to discover, correct, or prevent security problems.
9.Create Audits for scheduled review of compliance related to an industry standard such as ISO 20071:2013 or key Configuration Items (infrastructure, supporting services, or collateral). Auditors can request evidence to support Audit findings.
10.Manually create Controls and Citations and link Citations to Controls.
11.Create Attestations and Control Indicators for a Control. Attestations assist you by documenting that a Control has been implemented, how it has been implemented, and why. Control Indicators help you to assure that a Control is compliant, and demonstrate/ensure it is reviewed on a regular basis.