Hi Everyone

Does anyone know as to what is the best practice of managing the critical actions?

I have the following suggestions:

- Since it is a detective control, we do not do anything to the critical actions that is not being used.Alerts should be generated for this if at all anyone executes these transactions.

- Mitigate the critical roles marked as critical - as they have a separate monitoring process.

- Mitigate the users for critical transactions used on a day to day basis.

We are currently trying to reduce the amount of critical alerts being generated. There are a number of roles (especially) the fire fighter roles that have been marked as Critical and they have been excluded from SOD risk analysis as they have a separate control and monitoring procedure (the SPM reports) for these roles. We are in 5.2 and hence dont have the exclude objects functionality in the background job section.

We are trying to achieve that when a user is assigned the critical role, no alert should be generated when the user executes the critical transactions in these roles as the fire fighter log report acts as a control mechanism for monitoring the risk.

However, when we try to mitigate the risk (with the *) and mitigate the role and in the alert generation section, tick the option to include mitigated users. We still receiving alerts for the critical transactions belonging to the mitigated role.

Does the mitigation of critical action work only at user level??

Any answers/suggestions would be highly appreciated.

Kind Regards

Vishal