cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Mitigation assignment notification

former_member182655
Contributor

on ‎06-19-2015 1:59 PM

0 Kudos

Hello colleagues!

I have a requirement to notify mitigation owners when their mitigation control was used to compensate a risk without interrupting the access request workflow.

What I've tried:

I've tried to modify standard MSMP for Mitigation assignment just to notify owners. But in this case the initial access request is holding untill the owner takes a decision. Unfortunately, MSMP doesn't have option automatically finishes workflows.

Then I've found a very nice post by Alessandro (I thank him for the post)

It would be ok for me if I send notifications to owners in the end of the day. But, using the report to fulfil my requirement, I couldn't send a mail with these options:

I've found any other ways to resolve my issue without ABAP?

Have anyone faced with a requirement similar to my?

Regards,

Artem

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

madhusap
Active Contributor
‎06-19-2015 5:53 PM
0 Kudos

Hi Artem,

If I understand your requirement correctly, below are the steps you need to implement.

1. All your access request workflows should not allow approval of requests with risk violations until they are mitigated or remediated.

To achieve this go to

SPRO -> IMG -> GRC -> AC -> Maintain AC Applications and BRF+ function mapping

and delete "Request Mitigation Policy"

2. Assume that your manager is mitigating the violations in access request using MITIGATE RISK button then a control assignment request gets submitted (1062 set as YES) which notifies Mitigation Control Owner.

3. Once mitigation control owner approves make sure that at Mitigation Control Owner stage you have enabled Approved Notification event which will inform the manager once approved.

4. Now manager will re-run the risk analysis and will see that risks have been assigned with mitigation controls and hence can approve the request.

So, in the above process your ARQ process doesn't get disturbed but manager might require to wait for MC assignment to be approved.

Regards,

Madhu.

Show replies
Show replies
former_member182655
Contributor
‎06-25-2015 2:53 PM
0 Kudos

Hello Madhu,

Sorry for the silence from me. It's a busy week...

Please read my reply to Harinam.

This is what I try to not do:



4. Now manager will re-run the risk analysis and will see that risks have been assigned with mitigation controls and hence can approve the request.

BTW, the first point I have done by not activating the option "" in MSMP

Regards,

Artem

Former Member
‎06-19-2015 3:44 PM
0 Kudos

Hi Artem,

Slightly confused as to what you are trying to achieve. Are you trying to notify a user of a mitigating control being assigned to a user during an Access Request process?

You simply want the request to proceed and not wait upon the control being assigned. Please correct me if I am wrong and totally misunderstanding your aim.

The Alerts function is more for monitoring when a user has performed a already mitigated action/permission.

Show replies
Show replies
former_member182655
Contributor
‎06-25-2015 2:46 PM
0 Kudos

Hello Harinam,

Sorry for so slow reply!

...Are you trying to notify a user of a mitigating control being assigned to a user during an Access Request process?


You simply want the request to proceed and not wait upon the control being assigned.

Yes, you are right.

I want that the controller just be informed that during mitigating control assignment his control was used. I don't need any workflow procedure for MC assignment.

In GRC 5.3 we have this functionality by default. But in the 10 we don't have it...

Regards,

Artem

Ask a Question