Question regarding the terminology within NERM. Having worked with the tool previously as SecZetta as well as now NERM, I’ve experienced different definitions of how “Organization” is intended to be used. Does it reference a sub-item within the company implementing the NERM solution or does it reference an item outside the company?
Scenario 1: Synonymous with “Department” - the places at which a person can work.
Scenario 2: Synonymous with “Vendor/Supplieer” - the place a person works or sources from externally
Are you referring to the ‘Category’ when creating a new profile type? Or do you have a tenant where there is already a Profile Type called 'Organization?
Organization is a pre-defined profile type in all the baselines I’ve worked with. It’s also referenced in numerous places within the documentation but in different contexts.
Side note: the “Category” didn’t get added to NERM until fairly recently but definitely adds another layer of complexity to the overall question.
The screen below is from the original “SecZetta” documentation and I purposely omitted it originally to avoid leading the discussion a certain way
We tend to refer to an organization as who is supplying the non-employee to you – Like the consulting firm, a partner business, or an affiliate - that 3rd (or 4th-x) party company that has a relationship with you to provide workers. The organization might also have sub-organizations/divisions to further define where these non-employees are coming from. Then the organizations (and sub-organizations) can have collaborators to performed any delegated admin for those non-employees.
