Skip to content

FAQ & Troubleshooting🔗

Why do I see a building block without assets?🔗

Check in the Modeling module whether the building block is already linked to assets.
Often the assignment is still missing there; open review items can also provide clues.

Protection needs are not inherited – what is the cause?🔗

Protection needs inheritance only works when certain prerequisites are met. Check the following points systematically:

  1. SBF form approved?
    Inheritance can only be calculated for approved SBF forms. Check in the Protection Needs Assessment section whether the form has the status "completed" or "approved".

  2. Dependencies modeled correctly?
    Check in the Dependencies section whether the relationships between processes and assets are set up correctly:

  3. Processes must be linked to assets
  4. Assets must be linked to each other (e.g., input/output relationships)

  5. The dependency direction must be correct

  6. Objects in scope?
    Only objects that are linked within the respective Scope are considered during inheritance. Check whether all relevant processes and assets are included in the scope.

  7. Recalculate inheritance
    After changes to dependencies or after approving new SBF forms, you must manually recalculate the inheritance:

  8. Navigate to the Protection Needs Overview for the scope
  9. Click "Calculate Inheritance"
  10. The system will traverse all dependency chains and apply the highest overall protection need

Common error sources: - Dependencies were changed after the SBF assessment, but inheritance was not recalculated - SBF form has not yet been approved - Objects are not linked within the scope - Circular dependencies can lead to unexpected results

No emails are sent for deadlines – what can I do?🔗

Email notifications are only triggered when all required information is correctly configured. Go through the following checklist:

Check required fields🔗

  1. Responsible person assigned?

    • In measures: The "Responsible Person" or "Responsible Role" field must be set
    • In documents: The "Responsible Person" field must be set
    • In audits: The "Responsible Person" field or corresponding roles must be set
    • The person must have a valid email address in the system

  2. Due date set?

    • In measures: The "Due Date" or "Target Date" field must be set
    • In documents: The "Next Review" field must be set
    • In audits: The "Audit Date" or "Deadline" field must be set

  3. Status correct?

    • Measures must have the status "open", "in progress", or "pending approval" (not "completed")
    • Documents must be active (not archived)

Check system configuration🔗

  1. Email server configured?

    • Contact your GRASP administration to verify that the email server is correctly configured
    • Check whether emails might be landing in the spam folder

  2. Notifications enabled?

    • In some installations, email notifications may be globally disabled
    • Check the system settings or contact the administration

Common issues🔗

  • Person has no email address: Update the person's profile in the organization
  • Due date is in the past: Emails are only sent for future or current deadlines
  • Measure already completed: Completed measures no longer trigger reminders
  • Wrong time zone: Check whether the system time zone is correctly configured

Risk matrix shows incorrect values – how does the calculation work?🔗

The risk matrix is automatically calculated from the assessments of likelihood and impact. If the displayed values do not match your expectations, check the following points:

Understanding the calculation logic🔗

The risk class is derived from the combination of: - X-axis (Likelihood): e.g., very low, low, medium, high, very high - Y-axis (Impact): e.g., low, medium, high, very high

The matrix uses the BSI assessment logic by default, but this can be customized in the system configuration.

Common causes of incorrect values🔗

  1. Incorrect assessment in the risk analysis

    • Open the Risk Analysis for the affected risk
    • Check whether likelihood and impact are entered correctly
    • Pay attention to whether the inherent risk or residual risk is displayed

  2. Wrong scope or filter

    • Check which Scope is selected in the risk matrix
    • Check the filter settings (status, resource type, module)
    • Ensure that completed risk assessments are included (if desired)

  3. Outdated assessments

    • Risks may have been archived or restarted
    • Check the Risk History for more recent assessments
    • Enable the display of archived assessments if needed

  4. Measures not taken into account

    • The risk matrix shows the inherent risk (before measures) by default
    • To see the residual risk (after measures), you must have completed the residual risk assessment
    • Check whether the filter distinguishes between inherent and residual risk

  5. Matrix configuration

    • The risk matrix configuration can be customized per installation
    • Contact your GRASP administration to review the assessment logic

Solution🔗

  • Check individual risk: Open the risk analysis for the affected risk and review the assessments
  • Reset filters: Reset all filters and check whether the issue persists
  • Update assessment: If the assessment is incorrect, correct it in the risk analysis
  • Contact administration: For systematic issues, inform the GRASP administration

Scope objects missing in modules – linking issues🔗

If processes, assets, or other objects are not displayed in a module even though they are linked in the Scope, check the following points:

Common causes🔗

  1. Object not linked in the scope

    • Open the Scope in the respective module (e.g., "Scope" in ISMS, "IT Network" in IT-Grundschutz)
    • Check whether the object appears in the list of linked objects
    • If not: Manually link the object to the scope

  2. Wrong scope selected

    • Check which Scope is selected in the current view
    • Switch to the correct scope or link the object to the right scope if needed

  3. Object does not exist in the inventory

    • Check in the Inventory section whether the object has been created at all
    • Check whether the object may have been deleted or archived

  4. Subject-matter relevance

    • Some objects are only displayed in certain modules if they have the correct "subject-matter relevance"
    • Check the object properties and ensure that the module is selected under subject-matter relevance

  5. Permissions

    • Check whether your role has access to the object
    • Some objects may not be visible for your role

Solution🔗

  1. Check scope: Open the scope and verify that all required objects are linked
  2. Re-link object: Remove and re-add the object to the scope
  3. Check inventory: Ensure that the object exists in the inventory and is active
  4. Check permissions: Contact the administration to review your permissions

Performance issues with large data volumes🔗

If GRASP responds slowly with large data volumes, the following measures can help:

Optimization options🔗

  1. Use filters

    • Consistently use the filter functions to display only relevant data
    • Filter by Scope, Status, Module, or other criteria
    • Avoid displaying all data at once

  2. Reduce scope size

    • Large scopes with many objects can impact performance
    • Consider splitting scopes into smaller, focused areas
    • Use multiple scopes instead of one very large scope

  3. Use archiving

    • Archive completed risk assessments, audits, or old SBF forms
    • This reduces the number of active records in the overview

  4. Export instead of display

    • For large evaluations, use the export functions (PDF, Excel, CSV)
    • Do not open all details simultaneously in the browser view

  5. Clear browser cache

    • Clear the browser cache or use an incognito window
    • Old cached data can cause confusion

System-side measures🔗

  1. Contact administration
    • For persistent performance issues, inform the GRASP administration
    • Possible causes: server resources, database indexes, network latency
    • The administration can perform system optimizations if needed

Best practices🔗

  • Regular cleanup: Remove or archive test data that is no longer needed
  • Structured scopes: Use multiple, focused scopes instead of one large scope
  • Selective display: Only display the data you currently need

Export/import errors – CSV and other formats🔗

If you encounter problems with export or import functions, check the following points:

CSV import issues🔗

  1. Check file format

    • CSV files must be saved in UTF-8 format (with or without BOM)
    • Use a comma (,) as the delimiter, not a semicolon
    • Check whether the file is correctly formatted (no empty lines at the beginning/end)

  2. Required fields present?

    • Check the import template or documentation for which fields are mandatory
    • Common required fields: Name/Label, Type, Status
    • Missing required fields will cause the import to abort

  3. Data format correct?

    • Date fields must be in the expected format (e.g., DD.MM.YYYY or YYYY-MM-DD)
    • Numeric fields must not contain text characters
    • Email addresses must be validly formatted

  4. Avoid duplicates

    • Check whether objects with the same name already exist
    • Use the update function instead of creating new entries if applicable

Export issues🔗

  1. Check export format

    • Some export formats (PDF, Excel) require more time with large data volumes
    • For very large data volumes, consider using CSV export
    • Check whether the export was aborted (timeout)

  2. Permissions

    • Check whether your role is allowed to use export functions
    • Some exports may only be available for certain roles

Solution🔗

  1. Check error message: Most import errors display a specific error message with a line number
  2. Use template: Use the official CSV template for imports, if available
  3. Small test imports: Test with a small number of records first before performing large imports
  4. Contact administration: For systematic issues, inform the GRASP administration

Common error sources🔗

  • Wrong character encoding: File must be UTF-8
  • Wrong delimiter: Use a comma instead of a semicolon
  • Missing required fields: All mandatory columns must be present
  • Invalid data formats: Dates, numbers, and email addresses must be correctly formatted
  • Files too large: For very large files, perform the import in smaller batches