Skip to Content
0

SOD Review

Jul 27, 2017 at 07:56 AM

45

avatar image
Former Member

Hello All,

Hello Experts,

I have configured SOD review with one stage(Risk owner) in dev system.

Workflow is working fine and reviewer (Risk owner) is able to see the data.

I have logged in with risk owner(reviewer) id , when I open the request it’s pulled all the users data like(systems, service, dialog and communication).

So I want only dialog user data, what are the settings I need to perform ?

please help

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

1 Answer

Yashasvi Sanvaliya Jul 27, 2017 at 11:44 AM
0

Hello Sidda,

It can be controlled while generating data for SoD review. Please provide dialog users only in criteria while scheduling data generation job for SOD review.

Please let us know if it helps.

Kind regards,

Yashasvi

Show 5 Share
10 |10000 characters needed characters left characters exceeded
Former Member

Hello Yashasvi,

Thanks for your reply.

As a security consultant I can filter it, but if business wants only dialog users list always , what would be the solution ?

Thanks

Sidda Reddy

0

Hello Sidda,

Won't it be always GRC technical team who schedules SOD data generation job? One has to do it every time you want SOD review requests, so it can be managed at that piont of time. you can also create a variant for this job.

Also, the Batch Risk Analysis job can be restricted to execute BRA on dialog users only. And here, you can maintain variants or exclusions, so no need to keep changing it every time.

Kind regards,

Yashasvi

0
Former Member
Yashasvi Sanvaliya

Hello Yashasavi,

Thanks for you info.

On more question , when am rejecting risk for all users, it saying "Reject Risk operation can only be performed on Risk Level".

what does it mean and how to overcome this ?

Thanks

Sidda Reddy

0

Hello Sidda,

Rejecting Risk means the approver is not taking decision on the particular risk. So, reject operation has to be performed on risk level.

I am not sure if we can overcome this issue.

Kind regards,

Yashasvi

0
Former Member

Hi,

My understanding is that as a process, other request generation for only rejected risks need to be performed once the issue has been addressed (change Risk Owner? sync User Manager?)

Hope it helps.

Thanks, Sabita

0