Product Update: Introducing Anecdotes' New Contributor and Viewer Roles

While GRC processes are managed by a dedicated team, they rely heavily on input from many departments across the organization. Whether it's providing evidence, approving policies and risks, or conducting user access reviews, working with these stakeholders can create unnecessary friction - especially in larger enterprises.

Granting stakeholders access to GRC tools can reduce this friction, but it typically requires giving them viewing and sometimes even editing permissions to sensitive data that is irrelevant to their role, something security-conscious organizations look to avoid.

Granular Permissions Empower Streamlined and Secure Collaboration 

With the introduction of the Contributor and Viewer roles, Anecdotes streamlines collaboration across the organization, making it easier for GRC teams to get the data they need, and for stakeholders to provide it. The roles enable teams to tailor permissions to the specific entities stakeholders need to interact with and determine whether they can simply view or also edit those entities. By aligning access levels with the principle of least privilege, these roles ensure stakeholders only access what’s necessary for their part in the process—without compromising security.

Contributor Role: For Active GRC Participation

The Contributor role allows users to perform tasks related to GRC, but does not grant full access to the platform. This role is intended for control and risk owners or contributors, system owners and managers. Their permissions allow them to edit controls, add and remove evidence, create tasks, comment and so on.


Viewer Role: For Observing GRC Data

The Viewer role is designed for users who need read-only visibility into selected entities. Such stakeholders may include department heads, executives, external advisors, or other internal parties who need context but not operational access. Viewers can see only entities that have been shared with them or that they explicitly own, and the only interaction they can have with those entities is leaving comments.


Improved Efficiency, Enhanced Security

These Contributor and Viewer roles are designed to help enterprises streamline and enhance collaboration with stakeholders while maintaining stringent security standards. With these additional roles, GRC teams can improve stakeholder accountability while increasing efficiency across GRC processes.