Yes. You can create as many users as you want. These are typically business owners who are responsible for the entities or risks entered into the application.
However, there are also several other roles, each with its corresponding permissions, that can use certain parts of the application. These include project managers, managers, groupAdmins, etc.
From application version 4.4 onwards, AlterRisk can also be used through a groupAdmin feature, which allows a parent company to track the GRC processes of its several child companies. In other words, the administrators of each child company can only access their own company's data, while the groupAdmin can track the data of all its child companies in one place.
A large portion of the data is related to users who either have the right to view "their" data or update it. As outlined above, this concerns the following data:
Entities – the owner/guardian is entered,
Risks – data is entered about the risk owner/guardian and the person who assessed the risk,
Controls – data is entered about the control owner/guardian,
Control Plan – data is entered about the person who performed the review,
Control Implementation Plan – data is entered about the responsible and accountable person,
Findings – data is entered about the person who recorded the finding,
Loss Database – data is entered about the person who recorded the loss.
If the username of the person using the AlterRisk application is entered in any of the above-mentioned data sets, and that user is assigned the "Users" role, the user will only be able to view the data (from the above lists) for which they are the owner/guardian/assessor/responsible person, etc.
Instead of entering a person's name, it is also possible to enter the name of an organizational function (e.g., CISO, Developer, Database Administrator, IT Sector Director, etc.). In such cases, in order to maintain multi-user functionality (e.g., restricting data based on the "Users" role), it is necessary to enter these organizational functions and link them to the appropriate usernames from the application. This can be done through the interface accessible by navigating to Administration -> Organizational Functions.
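The visibility rule and the organizational-function linking described above, modelled as an added example (not AlterRisk's own code or schema). It also shows a check for function names that were entered in a record but never linked to a username, which leaves that record invisible to every "Users" account. The record layout, the "admin" role label, the company scoping of "Users" accounts and all sample names are assumptions.

```python
from dataclasses import dataclass

# Hypothetical model for illustration; not AlterRisk's schema or code.
@dataclass(frozen=True)
class Record:
    kind: str           # "Risk", "Control", "Finding", ...
    company: str        # child company the record belongs to
    responsible: tuple  # values typed into owner/guardian/assessor fields

@dataclass(frozen=True)
class Account:
    username: str
    role: str           # "Users", "groupAdmin", or "admin" (label assumed)
    company: str

def identities(account, function_links):
    """The username plus every organizational function linked to it."""
    linked = {f for f, users in function_links.items() if account.username in users}
    return {account.username} | linked

def visible(account, records, function_links, children=()):
    """Records an account may view under the modelled rules."""
    if account.role == "groupAdmin":           # sees all child companies
        return [r for r in records if r.company in children]
    in_company = [r for r in records if r.company == account.company]
    if account.role == "admin":                # sees only its own company
        return in_company
    ids = identities(account, function_links)  # "Users": own records only
    return [r for r in in_company if ids & set(r.responsible)]

def unlinked_values(records, usernames, function_links):
    """Responsible-field values matching no username and no linked function."""
    known = set(usernames) | {f for f, users in function_links.items() if users}
    return sorted({v for r in records for v in r.responsible} - known)

# Constructed sample data.
RECORDS = [
    Record("Risk", "ChildA", ("alice", "bob")),
    Record("Control", "ChildA", ("CISO",)),
    Record("Finding", "ChildA", ("Database Administrator",)),
    Record("Risk", "ChildB", ("carol",)),
]
FUNCTION_LINKS = {"CISO": {"alice"}}  # "Database Administrator" is not linked
ALICE = Account("alice", "Users", "ChildA")
BOB = Account("bob", "Users", "ChildA")
DAVE = Account("dave", "admin", "ChildA")
GINA = Account("gina", "groupAdmin", "Parent")
USERNAMES = {"alice", "bob", "carol", "dave", "gina"}
```

Calling `visible(ALICE, RECORDS, FUNCTION_LINKS)` returns the risk and the CISO-owned control, while `unlinked_values(RECORDS, USERNAMES, FUNCTION_LINKS)` flags "Database Administrator" as a value no "Users" account can match.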
