What is the purpose of comments?
The comments feature enables collaboration on survey questions directly within Isora GRC.
Imagine for example that while responding on a unit survey, a survey participant is confused about how to understand the question and they want to ask the assessment manager for more info. They can create a new thread on the question itself, and the assessment manager can reply on the thread. If necessary, there can be a back-and-forth conversation until clarity is reached.
Alternatively, suppose you are managing an application assessment. As you review the responses, you realize that the application delegate did not provide adequate documentation or explanations on one of the questions. So you add a comment, and the application delegate reviews it and makes some changes. Then, as the originator of the thread, you can mark the thread as resolved, which hides the thread from the default view.
Using comments allows you to keep all of the communication about the question inside of Isora GRC’s secure platform, rather than having to email each other or use some other means.
What is the purpose of notes?
Notes give you a place within Isora GRC to provide summary information on a survey or completed report.
For example, imagine that a new application has just been assessed for security risk for the first time, and the survey results are not looking promising. There are a lot of security flaws that need to be addressed. The application delegate posts a note on the survey explaining that the issues are understood and a mitigation strategy is in place, with a goal to reach a better score in the next assessment.
This feature is in development and more specific information about how to use it will be posted soon.