cancel
Showing results for 
Search instead for 
Did you mean: 

SOD Review

Former Member
0 Kudos

Hello All,

Hello Experts,

I have configured SOD review with one stage(Risk owner) in dev system.

Workflow is working fine and reviewer (Risk owner) is able to see the data.

I have logged in with risk owner(reviewer) id , when I open the request it’s pulled all the users data like(systems, service, dialog and communication).

So I want only dialog user data, what are the settings I need to perform ?

please help

Accepted Solutions (0)

Answers (1)

Answers (1)

former_member226273
Active Participant
0 Kudos

Hello Sidda,

It can be controlled while generating data for SoD review. Please provide dialog users only in criteria while scheduling data generation job for SOD review.

Please let us know if it helps.

Kind regards,

Yashasvi

Former Member
0 Kudos

Hello Yashasvi,

Thanks for your reply.

As a security consultant I can filter it, but if business wants only dialog users list always , what would be the solution ?

Thanks

Sidda Reddy

former_member226273
Active Participant
0 Kudos

Hello Sidda,

Won't it be always GRC technical team who schedules SOD data generation job? One has to do it every time you want SOD review requests, so it can be managed at that piont of time. you can also create a variant for this job.

Also, the Batch Risk Analysis job can be restricted to execute BRA on dialog users only. And here, you can maintain variants or exclusions, so no need to keep changing it every time.

Kind regards,

Yashasvi

Former Member
0 Kudos

Hello Yashasavi,

Thanks for you info.

On more question , when am rejecting risk for all users, it saying "Reject Risk operation can only be performed on Risk Level".

what does it mean and how to overcome this ?

Thanks

Sidda Reddy

former_member226273
Active Participant
0 Kudos

Hello Sidda,

Rejecting Risk means the approver is not taking decision on the particular risk. So, reject operation has to be performed on risk level.

I am not sure if we can overcome this issue.

Kind regards,

Yashasvi

Former Member
0 Kudos

Hi,

My understanding is that as a process, other request generation for only rejected risks need to be performed once the issue has been addressed (change Risk Owner? sync User Manager?)

Hope it helps.

Thanks, Sabita