Skip to Content
0
Former Member
May 10, 2010 at 06:27 AM

Critical Actions

632 Views

Hi Everyone,

I'm trying to establish what is a good practice to follow on how to deal with critical actions.

Our thinking is that even though they are critical actions people will still need to have access to them.

Here are some options with the cons we have been considering:

1. Add the actions into Firefighter id's & roles. We don't necessarily want to add actions into a firefighter role that someone is expected to do during their daily/weekly/routine activities.

2. Disable the Critical Actions rules. This will disable your ability to easily identify when an unwanted user has access to these actions.

3. Create mitigation controls for these critical actions and assign them to the specific users. This is quite and administrative burden due to the number of critical actions. We would not want to mitigate at the Higher risk level but rather at the individual rule level.

We are leaning towards option 3 but would appreciate some other options and input on how to deal with these?

Kind Regards