Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

validity period mitigating control

Former Member
0 Kudos
702

Hi,

I checked this forum but didn't find any helpful thread for my question. We are using GRC version 5.3. Is there any SAP report or tables available that would show history of mitigating controls per user? In running the Compliance Calibrator for a user, SOD issues were present that we didn't expect because we thought existing mitigating controls were applied and that we were regularly monitoring this user for the associated risks. We thought that the problem might be that the validity period might have expired, but our corporate security group currently doesn't even show the mitigating control for the user. I wanted to look at the history of the mitigating control for the user to see if I could validate their claim.

Thanks,

John

1 REPLY 1

Former Member
0 Kudos
187

Hi,

First of all, there's a special forum for GRC: "Governance, Risk and Compliance".

Check under RAR-> configuration tab:

Default expiration time for mitigating controls (in days)

When assigning a mitigating control to a risk, you must specify the validity period of the controlIf the End Date is left blank, the value in this option is used to calculate the end date of the validity period; the default value is 365 (days)

Check also under CUP->configuration->mitigation.

You'll be able to find the documentation for this configuration parameters in the corresponding Config Guide.

Regarding Mitigation controls per user, I guess you can just check RAR -> Mitigation tab.

Cheers,

Diego.