Criteria, Asset Categories & Risk Types
When an Account Administrator first signs into their account, a set of criteria appears in their Criteria Library by default (comprising: asset criticality; threat [x3]; risk control effectiveness and risk matrix criteria).
The Account Administrator is free to edit/rename this set, but until at least one other set is created, they are not able to delete it (this is because the account would be left with no criteria as you cannot create new sets – you simply copy, rename and modify existing sets).
The default criteria is also visible to Organisational Administrators, once at least one has been created. However, and while they cannot edit the default set of criteria (or any other that is owned by the Account Administrator and has been shared by them), they can save a copy of it under a new name.
In all cases such as this, where an Account or Organisational Administrator saves a new set of criteria, it will only appear in that Criteria Library for the selected organisation(s), and subordinate Business Units.
It is also useful in situations where users in one organisation should not see the criteria of another (one exception to this is where they have a common Organisational Administrator, and where that user has assigned individual sets of criteria to multiple or all organisations that they have access to).
Admins can assign saved sets to all, some or single organisations that they have been assigned to. Only the Account Administrator can save criteria so as to be accessible by all organisations. The same rules apply to Asset Categories, Risk Types, Assets, Threat Actors and Control Categories.
Asset Categories and Risk Types
To edit/delete Asset Categories and Risk Type entries (assuming you have the authority to do so), go to the landing page and filter the relevant data in the table (e.g. by Asset Categories). Once that is done, authorized users will then see icons at the right side of rows indicating options for editing/deleting each entry.