What Are the Different User Roles Available for My KCM GRC Platform?
This article describes the different user types within the KCM Governance, Risk and Compliance (GRC) platform. If you are looking for the Users and Groups product manual for KnowBe4's Security Awareness Training platform, refer to that manual instead.
Creating a User: Selecting a User Type
The KCM GRC platform consists of three modules: the Compliance module, the Policy Management module, and the Risk Management module. Each module has its own user types, and each user type has distinct privileges in the KCM GRC console.
User Account Types
Compliance User Types

| User Type | Licensed User (Y/N) | Access |
| --- | --- | --- |
| Account Administrator | | Full access to all areas, Scopes, and modules within KCM GRC |
| Scope Manager | | Permissions set per Scope, for one or more Scopes |
| Auditor | | Read-only access to specified Scopes, Policy Management Campaigns, and related reports |

Account Administrator

Account Administrators have complete control over all aspects of the KCM GRC platform. Account Administrators can:
- Add new user accounts
- Create custom Compliance Templates
- Convert Templates to Scopes
- Assign Task Responsibilities
- Create and update Controls
- Clone Scopes
- Add or remove mappings between Scope Requirements and Controls

As an Account Administrator, you are presented with a Global Dashboard, which provides an overview of your organization's current compliance Tasks and other useful information that pertains to the entire account.

Scope Manager

A Scope Manager is any user with permissions set for one or more Scopes. Permission levels are set per Scope and define how the user can interact with that Scope. The permission levels are as follows:
- No Permission: Has no access to the Scope and cannot view it.
- View Only: Can view the Scope but cannot interact with it.
- Links Only: Can add DocuLinks as Evidence for Tasks within the Scope, but cannot upload files.
- File Upload Only: Can upload files as Evidence for Tasks within the Scope, but cannot add DocuLinks.
- Links and File Upload: Can add DocuLinks and upload files as Evidence for Tasks within the Scope.
- Scope Administrator:
  - Has access to all data within their specified Scope(s), including the Scope's Requirements, Controls, Tasks, and Evidence.
  - Can copy/duplicate Controls.
  - Can edit and archive Scope Requirements.
  - Can view reports and the My Dashboard portion of the Compliance module, containing data associated with their allotted Scope(s).
  - Cannot see items that are outside of their allotted Scope(s).
- User Responsible/Assignee: Responsible Users are assigned to Tasks within a Control. The Responsible User provides documentation or Evidence that the Control has been evaluated. Responsible Users receive reminder emails based on the due dates of upcoming Tasks.
- Approving Manager: Approving Managers receive notification emails when the Responsible User has submitted Evidence for review. The Approving Manager then determines whether the Evidence is sufficient, accurate, and complete, and can accept or decline it. If the Evidence is declined, the Approving Manager can add notes to the Task to let the Responsible User know what may need to be amended.
- Scope Manager (with Scope Administrator Privilege): Scope Administrators are granted access to one or more Scopes and are therefore only presented with the information they need to manage items within their Scope(s). Scope Administrators can satisfy Tasks and modify Controls and Requirements within their allotted Scope(s).

Auditor

Auditor accounts are used to give a reviewer, assessor, consultant, board member, or auditor read-only access to one or more Scopes. An Auditor can only see Reports for the Scopes they have been given access to. Reports contain the Requirements, Controls, Tasks, and Evidence related to a given project or Scope.
Policy Management User Types

| User Type | Licensed User (Y/N) | Access |
| --- | --- | --- |
| Policy Administrator | | Full access to all objects (i.e., campaigns, groups, users, policies, etc.) within the Policy Management module |
| Campaign Manager | | Access to campaign data for the specified allowed campaigns |
| End User | | End Users do not log into the KCM GRC platform; they receive policy documents via email |

Policy Administrator

Policy Administrators can create and maintain all Policy Management Campaigns.

Campaign Manager

- Can create new campaigns, policies, users, and user groups; view reports; and update the campaigns for which they have been allocated permissions
- Cannot delete policies, users, groups, or campaigns within the Policy Management module

Campaign Managers are granted access to one or more Policy Management campaigns. They can monitor the participation status of policy acknowledgments and nudge users who have not yet acknowledged. If you need a user to be able to manage some campaigns but not all, use the Campaign Manager user type.

End User

End Users are added to KCM GRC solely for the purpose of receiving policies by email. Using the link in the email they receive, these users read and acknowledge your organization's policies. Policy acknowledgments are recorded in KCM GRC within the associated policy campaign.
Risk Management User Types

| User Type | Licensed User (Y/N) | Access |
| --- | --- | --- |
| Risk Administrator | | Full access to all objects (i.e., Risk Templates, Risk Register, Risk Wizard, etc.) within the Risk Management module |

Risk Administrator

Risk Administrators can map Controls to Risks; add new Risks from the Risk Wizard or Risk Templates area; and use the Risk Register to import/export, modify, archive, and add new Risks.