Hi,
Would you please
be so kind and advise if you have sorted this one in your area?
We have the
following scenario:
Scenario 1.
- New Role X gets requested via GRC
AC_ARQ – 1 risk identified and mitigated with control ‘A’ with validity 1 week.
- Role X expires after 1 week but
Mitigating control ‘A’ still active.
Scenario 2.
- New Role X gets requested via GRC
AC_ARQ – 1 risk identified and mitigated with control ‘A’
- Role X remove access request via GRC
AC_ARQ completes approval process but control does not get removed from GRACMITUSER
table.
The problem
occurs here once the role that introduces the access risk is removed business
needs to know when the user request this roles / risk again and re-mitigate the
risk before the access gets re –assigned to the user.
Thanks for
the help!
Regards,
Mel Button
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.