...

There is no established standardized account structure and interaction for SaaS applications in general or for GRC solutions in particular. Nor does UC publish or use a standardized account structure mechanism for any of its existing applications, including Mapper, Dictionary, or the UCF.

With no agreed-upon standardized account structure and interaction, it is unnecessarily complicated for systems and applications to communicate and share information with one another.

...

Establishing and utilizing a standardized account structure and interaction will:

  • Highlight UC as a thought leader in the GRC space

...

  • Make it easier for third-party applications to integrate with UC applications and

...

  • will meet or beat third-party requirements as to establishing trust

...

...

  • Set a standard for all future UC applications on how to establish trust in order to facilitate contribution

...

Subscription / Pricing / Billing Impacts

There is no direct monetization component tied to Standardized Accounts; however, content contributed by third parties to the public federated database will need to be attributed to the person or organization that contributed the content, including for monetization. In addition, data usage will need to be tracked specifically to users and accounts for billing purposes. Standardized accounts are an integral part of establishing who will be charged and given credit for contribution.

...

Partners such as AuditBoard and ServiceNow will be good candidates to test integration with their applications; however, until content is made available, the value of establishing trust with no actual sharing is minimal.

...

It is assumed that third-party applications will have similar enough account requirements that they will be able to set up accounts (primarily using organizations, accounts, and users) that can integrate directly with UC applications once in place.

The risk is that the establishment of organizations, accounts, and users may create a confusing onboarding and login experience, driving prospects and customers away. The onboarding and login user experience must be made easy to use, or else it could get very confusing as to why organizations, accounts, and users are all needed.

Milestones and Phases

List the project milestones along with how that milestone can be successfully measured.

...

Requirement

User Story

Importance

Jira Issue

Comments

Organization

Reference to the GRCschema definition

GRCschema - Organization

Ability to create, update, and delete an organization and set up a new Organization with all required information as identified in the standardized account definition

Ability to update an existing organization including name, email address, and other fields identified in the

change org avatar name and color

Register for mapper and gain access to profile and email

RBAC for at least admins vs others

Ability to create, update, and delete one or more accounts associated to an organization

Ability to create, update, and delete a user

Ability to associate / disassociate a user from an account

Ability to request / remove rights for a user to publish to the UC Federated Database

Multiple user names

Make one name primary

Remove all names but one

Define aliases

remove all aliases

phone numbers

email addresses

social media addresses

street addresses

teams

roles

contributor gating / approval governance

Open Questions

List any open questions that come to mind throughout the lifecycle of this project

...

User Interaction and Design

Link to mockups, prototypes, or screenshots related to the requirements.

GRCschema - Organization

GRCschema - Account

GRCschema - User

GRCschema - Group

GRCschema - Initiative

Process Flow Diagrams

Links to user journeys, process flow, or other diagrams related to the requirements.

...

If there are UI components to this requirement, list the main areas where interactive user guides would be needed.

Additional References

...

Account Standardization - Readme

The importance of Federated Linked Data to Compliance as Code - Compliance as Code

The interpretations of Compliance as Code - Compliance as Code