Hi all,
What's your thoughts on where to maintain the production ruleset?
I can see advantages in both variants:
- Maintaining the ruleset in DEV and transporting through Q to PROD has the same benefits of any other customizing that should not be done on the PROD system.
- However, the GRC 10 approval workflow for ruleset changes (functions, risks, ...) is quite nice on PROD.
Now, if I wanted to use the approval workflow on DEV already (and customize the ruleset there), I would have to setup a "production" workflow on the DEV system, which is less than ideal.
What's your favorite approaches?
Thanks and cheers,
Patrick