Skip to Content

Mitigation Control not automaticaly removed during ARQ role removal

Hi,

Would you please be so kind and advise if you have sorted this one in your area?

We have the following scenario:

Scenario 1.

  1. New Role X gets requested via GRC AC_ARQ – 1 risk identified and mitigated with control ‘A’ with validity 1 week.
  2. Role X expires after 1 week but Mitigating control ‘A’ still active.

Scenario 2.

  1. New Role X gets requested via GRC AC_ARQ – 1 risk identified and mitigated with control ‘A’
  2. Role X remove access request via GRC AC_ARQ completes approval process but control does not get removed from GRACMITUSER table.

The problem occurs here once the role that introduces the access risk is removed business needs to know when the user request this roles / risk again and re-mitigate the risk before the access gets re –assigned to the user.

Thanks for the help!

Regards, Mel Button

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

0 Answers