ZenGRC

Simply Powerful GRC

GRC

Plum Release Features: Import Improvements, Downloadable Reports, Configurable Displays and More!

· ·

ZenGRC was created with the vision of revolutionizing compliance management. At the core of this vision is the belief that when managed properly, compliance can be an incredibly exciting and valuable strategic asset. At ZenGRC, we are hard at work, improving our product so that it is optimized for the needs of our customers.

Our latest release of ZenGRC, was driven by this optimization process and saw the introduction of several new features that will empower our users to better handle their compliance needs with ease. Below is a summary of these new features as well as explanations of their benefit to the user.

Import Revamp

Data-entry is a tedious task and we know that you have better things to be doing. In our Plum release, we’ve made a vast number of UX improvements to help you spend as little time on data import as possible. Let’s start with how we import.

New Feature: Any import activity (getting a template or importing a template) can be found universally in the top horizontal navigation.



Once you have gone to the import page, if you are in content-creation mode, here’s the experience:
On the left-side, you can upload a template ready for import. On the right-side, you can download templates.

Screen Shot 2015-11-03 at 3.28.09 PM

Configuring Templates

New Feature: Import as many object types as you want on a single spreadsheet.
You can now tell ZenGRC to give you a single template with all of the object types that you’d like to import at the present time. Simply select the object types, and click to download the .csv file to open in Excel or Gsheet. If you’ve mis-clicked an object, simply click the trash-can icon to remove it from your template.

New Feature: Every object type allows batch .csv import. 
Screen Shot 2015-09-08 at 12.01.47 PM

Template Improvements

We’ve seen how easy it is to get to your import module and obtain the object-specific templates, now let’s take a look at improvements to the template itself.

New Feature: We now offer complete flexibility within import template functionality.

All object-object mappings are possible. Custom attributes appear on the template pre-populated. Objects can be batch unmapped and deleted. We’ve enhanced ZenGRC’s flexibility with regards to true many-to-many mappings. Our new universal and configurable import template allows you to designate any object in a “map: object” column header.

Flexible mapping
Screen Shot 2015-09-08 at 12.17.39 PM

People make mistakes. We’re all human. Thankfully, the Plum import template also allows for bulk unmap. Simply use the template and designate a column header “unmap: Object”. Objects can also be batch deleted using a column header “Delete”.

Import Improvements

We’ve gotten our template set up easily, and now we’re ready to import.
We click the button:

                                  Screen Shot 2015-09-08 at 1.04.33 PM

and select our populated .csv file.
Let’s first look at an error-free, import attempt for System and Control objects:


Screen Shot 2015-09-08 at 1.07.16 PM
All the mandatory attributes are populated. The codes are unique, and titles are there.

Screen Shot 2015-11-03 at 3.35.10 PM
“Perfect” object import. Now we see:
Screen Shot 2015-11-03 at 3.36.29 PM

Updating Objects

Re-importing objects with revised content has been greatly improved in Plum.

New Feature: The import review screen has been redesigned and provides far more detail on the status of your update import. 

If you update just a few, but not all objects within a .csv, ZenGRC won’t give you any warnings. Just a simple tally of updated versus ignored objects.

If there are unreconcilable mistakes, such as 2 identical object codes, ZenGRC will still forgive you and import what it can. It will simply tell you what went wrong, but still proceed with updating all the other objects.

Screen Shot 2015-09-08 at 12.20.19 PM

Downloadable Reports

With the new Data Export feature, you can download a report on any object (and update them with changes if needed). When downloading reports, you can use same templates that are used for imports. You can even export specific objects depending on their mapping with other objects in the system, and choose which attributes to export for each of the objects as well.

Screen Shot 2015-09-08 at 12.21.02 PM

UX Wins

With the latest release of ZenGRC, we also implemented significant performance enhancements for the user.

Screen Shot 2015-09-08 at 12.21.35 PM

Configurable Headers

In the world of governance, risk, and compliance, content and objects are plentiful. Simply looking at a large set of objects requires customizable lenses. In Plum, our macro view of long lists of objects improves in detail. First, we’ve supplemented our filter bar with configurable headers.

Screen Shot 2015-09-08 at 12.22.05 PMYou can now select any stock or custom attributes to display in tree view.
Screen Shot 2015-09-08 at 1.18.17 PM
The gear icon in the top right corner of any list of objects will pop open a modal to allow toggling in any 5 attributes of choice. The current limit is set at 5 attributes shown at a time, due to limited width across the screen.

Sortable Headers

In addition to configurable headers, ZenGRC parallels desktop computer functionality with sortable headers. Once your headers have been configured per the attributes you’d like to see, you can easily sort the entire list of objects alphanumerically with 1-click.

Screen Shot 2015-09-08 at 12.21.50 PM      (sortable headers image)

Filter Mapped Objects in Tree View

Screen Shot 2015-09-08 at 1.21.30 PM

If any objects are mapped to an object in your list, you can now also choose which mapped objects you’d like to see in the child tree modal, which pops up with the mapped objects icon. Unlimited child tree object types are permitted.


Screen Shot 2015-09-08 at 12.22.14 PM

Common use cases for filtering the mapped objects include wanting to see a list of mapped company objects vs. standardized seed content objects (stock mappings for an authoritative source).

Redesigned Role Based Access Control (RBAC)

ZenGRC receives huge improvements in the logic and granularity of RBAC, or user authorizations. Global roles are more straightforward.

Global Roles
Every user falls into one of these roles:

    • No Access – for off-boarded team members (allows you to maintain a full audit history)
    • Creator – can create and edit their own objects, but can not see or edit any objects not owned by them (still have full ability to participate in workflows and audits)
    • Reader – same capabilities as creator but can view all objects within ZenGRC instance
    • Editor – same capabilities as reader but can edit any object in ZenGRC (still no access to admin dashboard)
    • ZenGRC Admin – Superuser without any restrictions (exclusive access to admin dashboard where they can view the events log, edit program users and their authorizations, and edit custom attributes)

Program roles
To access program roles, open a program, then go to the People widget. Expand the person in question and then Edit Authorizations:

Screen Shot 2015-11-03 at 3.10.26 PM

Program permissions are best way to organize access control within ZenGRC.

Performance enhancements

Backend refactoring
The relational model is re-imaged for mappings to make performance workable for data export and data grid. The impact – faster performance.

Faster visual loading times
Every tree in the app now uses lazy loading, which relieves apps performance. With all other features, like sortable headers, navigating to the desired object is faster and simpler.

Jira Integration (beta)
Our workflow module in ZenGRC is now synced with your JIRA instance. Create and manage workflows in ZenGRC and collaborate and execute tasks in JIRA. Tasks generated in ZenGRC will generate issues in JIRA. Task/Issue status changes, comments, labels, components will all sync bidirectionally.

You have the ability to choose which tasks within a workflow are synced with JIRA. With this new JIRA integration, your non-compliance team members will not necessarily be required to log into ZenGRC.

As this is a beta feature, we will be refining the functionality and adding additional customization options in the future.

Screen Shot 2015-10-28 at 12.25.28 PM
Improved On-Prem Deployment process

ZenGRC now supports Docker, diminishing the time needed for on-prem technical administrators to both install and upgrade their ZenGRC instances.  ZenGRC uses a private Docker repository on the official Docker Hub for images. A successful on-premise deployment will require a linux server installed with the Docker engine. Instructions to install Docker can be found at https://docs.docker.com/linux/step_one/.

Photo Credit: John Mcsporran

The Rise of GRC is caused by the Rise of the Cloud

· ·

The new generation of companies (like Twitter and Uber) go from zero dollars to billions in five years, not 50. Enterprise software startups land bigger deals, faster, because they are more agile than 20 years ago, and they deliver their offerings via the cloud.  All of them are getting hit with risk and compliance issues much earlier in the life of their companies.  Why?

20 years ago, when a vendor sold software, they would give the customer a CD, and nobody cared about the vendor’s internal house.  Things were easy, nobody cared much about compliance.

But 10-15 years ago the cloud started to rise.  The world shifted to subscription models and logins, and suddenly enterprise customers started to care about risks and how venders comply to the various security standards around their data (SOC 2, ISO, etc).

Over the past 5 years, if an enterprise software vendor wants to grow faster and sell to larger companies, they need to be SOC 2 compliant.  If they want to sell to the U.S. government, they need Fedramp.  Before, it would take a decade for a vendor to close those deals, if ever.  Now it takes 18 months.

For these companies to survive, they must put resources towards risk and compliance issues.  If they use the blunt tools of 20 years ago they may be able to put their internal house in order, but they will also find that their business processes ossify, and their agility will erode.

For these companies to thrive long into the future, they must treat these GRC projects like any other IT project, and apply their resources towards using agile methodologies, techniques, and tools.

To thrive in the rise of GRC and use Agile Compliance techniques, read my previous post on tips to be more agile.

Photo Credit: theaucitron

Welcome to the Zen of GRC

· ·

Welcome to the Zen of GRC – a new voice in the world of governance, risk management, audits, and compliance.

For many companies, the challenges of compliance can be at odds with innovation. They spend valuable time and resources struggling with a compliance burden that is growing in both complexity and size. Yesterday’s approach of disjointed spreadsheets, emails, documents, and manual processes stifles innovation rather than supporting it.

But when companies are growing from zero to billions in no time flat, it’s all the more important that they govern their compliance requirements effectively in order to scale properly. Every company, from the smallest startup to a giant corporation, must find an agile way to deal with their compliance needs. That is where the Zen of GRC comes in.

I’m Ken Lynch, founder and CEO of Reciprocity, a startup with a new take on compliance. In this blog we will explore the GRC world with some new perspectives. Like a walk through a Zen garden, we will explore new and unexpected developments in the industry, and sometimes pause to contemplate the way the GRC world is going.

Along the way, we will be sharing news and announcements that you need to know – trends that you should be aware of to stay secure and compliant – as well as guest posts from domain experts and thought leaders to explore GRC topics in depth. Things are moving fast in the industry, and we want to help you stay on top of it.

In the spirit of Zen, this journey through GRC doesn’t necessarily have a defined destination or finish line – the goal is the journey itself. Reciprocity is working hard to make compliance cool, and the Zen of GRC will not just help you learn more about compliance, but show that compliance and innovation need not be mutually exclusive.

Photo Credit: Ahmad Nizam Awang