- Entity: In Governance, Risk, and Compliance, entities can be people, processes, departments, applications, or objects, whose exposure must be managed.
- Control: Compliance frameworks such as SOC2, ISO27001, FedRAMP, etc. consist of requirements that need to be satisfied to be compliant with each framework. Controls the measures organizations put into place to satisfy these requirements.
- Evidence: Evidence refers to the proof an organization has implemented the necessary controls to satisfy a compliance requirement. Screenshots, policies, and CSV exports from various SaaS tools are common types of evidence submitted to auditors.
- Assessment: Assessments are a set of questions related to the evidence uploaded for the control in order to validate that the evidence satisfies the control requirements. Assessments are typically assigned to the owner of a given control.
Governance, Risk, and Compliance (GRC)
Governance, Risk, and Compliance Integrations
Information about the Governance, Risk, and Compliance(GRC) integrations available in Leen. Find out which fields are supported by each integration and how to configure them.
Leen’s GRC integrations are bi-directional i.e. these integrations allow you to read data that’s relevant to audits as well as post data back to GRC platforms.
The objects covered by Leen’s GRC model are as follows. All 4 of these objects are related to each other: