Dear GRC consultants,
I was working with GRC 5.3 system in my previous project. Recently we have migrated to GRC 10.0. I always had a question on my mind about GRC mitigation controls being attached to business unit or Org.Units.
Why a mitigation control needs to be tagged to a business unit [GRC 5.3] or to Org.Unit [GRC 10.0]?
What is the benefit of tagging a control to these units or org,hierarchy?
Although I am creating mitigation controls following the process provided by documents, I wanted to understand the reason behind this. Someone please help me to understand the purpose of Business Unit or Org.Unit and how are they beneficial in GRC process.
Thanks in advance.
Regards,
Sai.