ZenGRC was created with the vision of revolutionizing compliance management. At the core of this vision is the belief that when managed properly, compliance can be an incredibly exciting and valuable strategic asset. At Reciprocity, we are hard at work, improving our product so that it is optimized for the needs of our customers. Our latest release of ZenGRC, was driven by this optimization process and saw the introduction of several new features that will empower our users to better handle their compliance needs with ease. Below is a summary of these new features as well as explanations of their benefit to the user.
Data-entry is a tedious task and we know that you have better things to be doing. In our Plum release, we’ve made a vast number of UX improvements to help you spend as little time on data import as possible. Let’s start with how we import.
New Feature: Any import activity (getting a template or importing a template) can be found universally in the top horizontal navigation.
Once you have gone to the import page, if you are in content-creation mode, here’s the experience:
On the left-side, you can upload a template ready for import. On the right-side, you can download templates.
New Feature: Import as many object types as you want on a single spreadsheet.
You can now tell ZenGRC to give you a single template with all of the object types that you’d like to import at the present time. Simply select the object types, and click to download the .csv file to open in Excel or Gsheet. If you’ve mis-clicked an object, simply click the trash-can icon to remove it from your template.
New Feature: Every object type allows batch .csv import.
We’ve seen how easy it is to get to your import module and obtain the object-specific templates, now let’s take a look at improvements to the template itself.
New Feature: We now offer complete flexibility within import template functionality.
All object-object mappings are possible. Custom attributes appear on the template pre-populated. Objects can be batch unmapped and deleted. We’ve enhanced ZenGRC’s flexibility with regards to true many-to-many mappings. Our new universal and configurable import template allows you to designate any object in a “map: object” column header.
People make mistakes. We’re all human. Thankfully, the Plum import template also allows for bulk unmap. Simply use the template and designate a column header “unmap: Object”. Objects can also be batch deleted using a column header “Delete”.
We’ve gotten our template set up easily, and now we’re ready to import.
We click the button:
and select our populated .csv file.
Let’s first look at an error-free, import attempt for System and Control objects:
All the mandatory attributes are populated. The codes are unique, and titles are there.
“Perfect” object import. Now we see:
Re-importing objects with revised content has been greatly improved in Plum.
New Feature: The import review screen has been redesigned and provides far more detail on the status of your update import.
If you update just a few, but not all objects within a .csv, ZenGRC won’t give you any warnings. Just a simple tally of updated versus ignored objects.
If there are unreconcilable mistakes, such as 2 identical object codes, ZenGRC will still forgive you and import what it can. It will simply tell you what went wrong, but still proceed with updating all the other objects.
With the new Data Export feature, you can download a report on any object (and update them with changes if needed). When downloading reports, you can use same templates that are used for imports. You can even export specific objects depending on their mapping with other objects in the system, and choose which attributes to export for each of the objects as well.
With the latest release of ZenGRC, we also implemented significant performance enhancements for the user.
In the world of governance, risk, and compliance, content and objects are plentiful. Simply looking at a large set of objects requires customizable lenses. In Plum, our macro view of long lists of objects improves in detail. First, we’ve supplemented our filter bar with configurable headers.
The gear icon in the top right corner of any list of objects will pop open a modal to allow toggling in any 5 attributes of choice. The current limit is set at 5 attributes shown at a time, due to limited width across the screen.
In addition to configurable headers, ZenGRC parallels desktop computer functionality with sortable headers. Once your headers have been configured per the attributes you’d like to see, you can easily sort the entire list of objects alphanumerically with 1-click.
Filter Mapped Objects in Tree View
If any objects are mapped to an object in your list, you can now also choose which mapped objects you’d like to see in the child tree modal, which pops up with the mapped objects icon. Unlimited child tree object types are permitted.
Common use cases for filtering the mapped objects include wanting to see a list of mapped company objects vs. standardized seed content objects (stock mappings for an authoritative source).
Redesigned Role Based Access Control (RBAC)
ZenGRC receives huge improvements in the logic and granularity of RBAC, or user authorizations. Global roles are more straightforward.
Every user falls into one of these roles:
- No Access – for off-boarded team members (allows you to maintain a full audit history)
- Creator – can create and edit their own objects, but can not see or edit any objects not owned by them (still have full ability to participate in workflows and audits)
- Reader – same capabilities as creator but can view all objects within ZenGRC instance
- Editor – same capabilities as reader but can edit any object in ZenGRC (still no access to admin dashboard)
- ZenGRC Admin – Superuser without any restrictions (exclusive access to admin dashboard where they can view the events log, edit program users and their authorizations, and edit custom attributes)
To access program roles, open a program, then go to the People widget. Expand the person in question and then Edit Authorizations:
Program permissions are best way to organize access control within ZenGRC.
The relational model is re-imaged for mappings to make performance workable for data export and data grid. The impact – faster performance.
Faster visual loading times
Every tree in the app now uses lazy loading, which relieves apps performance. With all other features, like sortable headers, navigating to the desired object is faster and simpler.
Jira Integration (beta)
Our workflow module in ZenGRC is now synced with your JIRA instance. Create and manage workflows in ZenGRC and collaborate and execute tasks in JIRA. Tasks generated in ZenGRC will generate issues in JIRA. Task/Issue status changes, comments, labels, components will all sync bidirectionally.
You have the ability to choose which tasks within a workflow are synced with JIRA. With this new JIRA integration, your non-compliance team members will not necessarily be required to log into ZenGRC.
As this is a beta feature, we will be refining the functionality and adding additional customization options in the future.
Improved On-Prem Deployment process
ZenGRC now supports Docker, diminishing the time needed for on-prem technical administrators to both install and upgrade their ZenGRC instances. ZenGRC uses a private Docker repository on the official Docker Hub for images. A successful on-premise deployment will require a linux server installed with the Docker engine. Instructions to install Docker can be found at https://docs.docker.com/linux/step_one/.
Photo Credit: John Mcsporran