Customizable Picklist Label Values

Detailed list of customizable classification picklist labels along with their defaults and how they are used.

3 min read

Asset (Host) Values

The following are the default Isora GRC asset picklist label values. If these should need to change for your organization, reach out to support@saltycloud.com with the values that work for your organization.

Classification: Confidential, Protected, Published, Unknown, surplus

Categories (within Confidential): Health, Ferpa, Financial, ssn, research, Critical to unit, Critical to org

Priority: Normal, Important, critical

System Type: Personal, Laptop, Desktop, Server, Video, security, Printer, Phone, Classroom, AV, infrastructure

How are they used?

These labels are used when categorizing assets in the inventory, or when you perform asset enrichment as part of a unit assessment.

In the following example, an asset is confidential and it has data that falls under the ferpa, ssn and financial categories. It has critical priority and it's a server type of system.

💡
Assets are referred to as hosts in the old UI.

Application (App) Values

The following are the default Isora GRC application picklist label values. If these should need to change for your organization, reach out to support@saltycloud.com with the values that work for your organization.

Classification: Confidential, Protected, Published, Unknown, surplus

Categories (within Confidential): critical to organization, critical to unit, ferpa, financial, health, research, ssn

Priority: normal, important / non-critical, critical

App Deployment Environment: Production, Development (application deployments are optional and the field is unnamed. It is customarily used for an environment label but you could put anything in this drop-down).

How are they used?

These labels are used when categorizing applications in inventory, and the classification and categories are also specified when you do the application enrichment part of an application assessment.

In the following example, an application is classified as confidential and it has data that falls under the health and financial categories. It has important/ non-critical priority.

💡
Applications are referred to as apps in the old UI.

Third-Party Vendor Product Deployment Values

The following are the default Isora GRC third-party vendor product deployment picklist label values. If these should need to change for your organization, reach out to support@saltycloud.com with the values that work for your organization.

Classification: Confidential, Protected, Published, Unknown, surplus

Categories (within Confidential): Health, Ferpa, Financial, ssn, research, Critical to unit, Critical to org

Environment: Production, Testing, Development

In the following example, a production environment vendor product is classified as confidential with information that’s critical to the organization. Note that deployments also have a Scope drop-down, but that one is not customizable.

Vendor Product Picklist Values

The following are the default Isora GRC vendor product picklist label values. If these should need to change for your organization, reach out to support@saltycloud.com with the values that work for your organization.

Vendor Verticals: Default Category -

  • Classroom / AV Technology Services
  • Collaboration Services
  • Customer Relationship / Support Services
  • Cybersecurity Services
  • Database Services
  • Document Management Services
  • Donor / Development Services
  • Email Services
  • Event Management Services
  • Financial Services
  • Identity / Access Management Services
  • Infrastructure as a Service (IaaS)
  • Networking Services
  • Print Services
  • Research Management Services
  • Storage Services
  • Student Information Management Services
  • Survey Services
  • Telecommunications / Voice Services
  • Web Hosting Services

There is an alternative default list of vendor verticals that is also being provided on an as-requested basis. It is based on the verticals used by the HecVAT tool from Educause (See also: https://www.educause.edu/ ). The alternative list is more exhaustive and is broken down into several categories.

How are they used?

The vendor vertical label is used when you create a vendor product entry within Isora GRC’s inventory. This value is not determined by vendor assessment. You can only choose one vertical for each vendor product.

See also: Customizing Isora GRC

Related articles
Did this answer your question?