Organization
The Organization feature allows you to partition vendors, resources, and findings by organizational unit (e.g., country, business unit, or subsidiary).
Overview
Organizations enable CISOs and risk managers to delegate responsibilities and restrict visibility based on organizational scope. This feature is controlled by a feature flag and can be enabled by your administrator.
Feature flag behavior
State | Behavior |
|---|---|
organization = false | Default mode -- All users see and edit all vendors, resources, and findings. |
organization = true | Segmentation mode -- Visibility and permissions follow the rules defined below. |
How organizations work
Vendor assignments
The following objects are always associated with exactly one organization:
Vendors (mandatory)
Resources (inherit the organization from the associated vendor)
Findings (inherit the organization from the associated vendor)
User assignments
Users must be assigned to one or more organizations if their role is not Disabled.
Users with a Disabled role do not need to be assigned to any organization.
Visibility rules
To view or edit a vendor's information, the vendor's organization must be included in the user's assigned organizations.
Example -- Vendor visibility:
User | Vendor "France" | Vendor "HQ" |
|---|---|---|
RSSI France | Can see & edit | Cannot see |
RSSI Canada | Cannot see | Cannot see |
RSSI HQ, France, Canada | Can see & edit | Can see & edit |
RSSI France, Canada | Can see & edit | Cannot see |
Example -- User profile visibility:
User | Employee "France" only | Employee "France & Canada" | Employee (Disabled) |
|---|---|---|---|
RSSI France | See & edit | See & cannot edit | See & edit |
RSSI Canada | See & cannot edit | See & cannot edit | See & edit |
RSSI HQ, France, Canada | See & edit | See & edit | See & edit |
Default organization
When adding a new vendor, your first assigned organization is automatically selected by default.
Tip: Set the headquarters as the first organization in the platform settings. For example, if you are assigned to China and Italy, any new vendor you add will be assigned to China by default.
Analytics and reports
Analytics and reports data is also scoped by organization. For example, an RSSI assigned to China will only see analytics and reports related to Chinese vendors.
Multi-level hierarchy
Galink supports multi-level organization structures:
Entity > GBU/Region > Group hierarchy.
Vendors can be assigned ownership at entity level with visibility at Group level.
A geographical dimension can be added for additional categorization.