Skip to Content
0

Mitigation Control not automaticaly removed during ARQ role removal

Nov 07, 2016 at 11:43 AM

16

avatar image

Hi,

Would you please be so kind and advise if you have sorted this one in your area?

We have the following scenario:

Scenario 1.

  1. New Role X gets requested via GRC AC_ARQ – 1 risk identified and mitigated with control ‘A’ with validity 1 week.
  2. Role X expires after 1 week but Mitigating control ‘A’ still active.

Scenario 2.

  1. New Role X gets requested via GRC AC_ARQ – 1 risk identified and mitigated with control ‘A’
  2. Role X remove access request via GRC AC_ARQ completes approval process but control does not get removed from GRACMITUSER table.

The problem occurs here once the role that introduces the access risk is removed business needs to know when the user request this roles / risk again and re-mitigate the risk before the access gets re –assigned to the user.

Thanks for the help!

Regards, Mel Button

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

0 Answers