Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Mitigation assignment notification

Former Member

on ‎2015 Jun 19 1:59 PM

0 Likes
686

Hello colleagues!

I have a requirement to notify mitigation owners when their mitigation control was used to compensate a risk without interrupting the access request workflow.

What I've tried:

I've tried to modify standard MSMP for Mitigation assignment just to notify owners. But in this case the initial access request is holding untill the owner takes a decision. Unfortunately, MSMP doesn't have option automatically finishes workflows.

Then I've found a very nice post by Alessandro (I thank him for the post)

It would be ok for me if I send notifications to owners in the end of the day. But, using the report to fulfil my requirement, I couldn't send a mail with these options:

I've found any other ways to resolve my issue without ABAP?

Have anyone faced with a requirement similar to my?

Regards,

Artem

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
View Entire Topic
madhusap
Active Contributor
‎2015 Jun 19 5:53 PM
0 Likes

Hi Artem,

If I understand your requirement correctly, below are the steps you need to implement.

1. All your access request workflows should not allow approval of requests with risk violations until they are mitigated or remediated.

To achieve this go to

SPRO -> IMG -> GRC -> AC -> Maintain AC Applications and BRF+ function mapping

and delete "Request Mitigation Policy"

2. Assume that your manager is mitigating the violations in access request using MITIGATE RISK button then a control assignment request gets submitted (1062 set as YES) which notifies Mitigation Control Owner.

3. Once mitigation control owner approves make sure that at Mitigation Control Owner stage you have enabled Approved Notification event which will inform the manager once approved.

4. Now manager will re-run the risk analysis and will see that risks have been assigned with mitigation controls and hence can approve the request.

So, in the above process your ARQ process doesn't get disturbed but manager might require to wait for MC assignment to be approved.

Regards,

Madhu.

Show replies
Show replies
Former Member
‎2015 Jun 25 2:53 PM
0 Likes

Hello Madhu,

Sorry for the silence from me. It's a busy week...

Please read my reply to Harinam.

This is what I try to not do:



4. Now manager will re-run the risk analysis and will see that risks have been assigned with mitigation controls and hence can approve the request.

BTW, the first point I have done by not activating the option "" in MSMP

Regards,

Artem

Ask a Question