An organization can use GRC calculated links to view connections between GRC records in
a hierarchy that are not directly connected.
GRC provides a table structure that maintains all possible combinations of links and then links
everything together in the hierarchy you create.
GRC uses these rules when calculating links:
- Links are calculated between authority documents, and policies, risks, and controls. These
links are shown in forms, together with the method of connection, in addition to other related
- Links are calculated between controls, policies, and risks when rolling up control test
results for authority documents, policies, and risks.
- Authority documents and citations are at the top of the hierarchy. Control test definitions
and control test instances provide data about the number of passing and failing control tests
at all levels. Controls, policies, and risks are equal components. Links can go in any
direction between these elements.
- An authority document and its citations are treated as a single entity. A direct link to an
authority document is the same as a direct link to the related citations. Components linked
directly to citations are linked to the authority document with the calculated -
direct link, created specifically for this purpose. Calculated links are only created
to the authority document and not to the citations.
- The system only creates links between components configured as pertinent. See Create a GRC citation - Legacy. For example, if an authority document, a risk, and a
policy are all linked together, and the risk is configured as not pertinent, the system cannot
link the policy to the authority document when rolling up data for reporting.
- Users cannot manually delete calculated links.