GRC profile scoping

The Scoping module contains profiles and profile types for use in all GRC-related applications. They can be created for any record on any table.

The GRC: Profile plugin contains the Scoping module and is not visible to customers and requires activation of the Policy and Compliance Management plugin, the Risk Management plugin, or the Audit Management plugin.

Only one profile can exist for a record. That profile, however, can belong to many profile types. Profile types and profiles are used differently depending on the application:
  • Risk managers use profile types and profiles to monitor risk exposure and perform risk assessments.
  • Policy and compliance managers use profile types and profiles to create a system of internal controls and monitor compliance.

Profiles

Profiles are the records that aggregate GRC information related to a specific item. Each profile is associated with a single record from any table in the application. Profiles cannot be created for items that do not have a record in a table in the platform.

Profile Classes

Profile classes allow GRC managers to separate profiles for better distinction. For example, Business Service Profiles, Department Profiles, Business Unit Profiles, and the like.

Profile Types

Profiles types are dynamic categories containing one or more profiles. Business logic automates the process of creating and categorizing any profiles in the system that meet the profile type conditions. Profile types are assigned to policy statements, which generate controls for every profile listed in the profile type.