
Email to mitigation owner regarding expiring mitigation controls assigned to users in GRC 10.0

Hello Experts,

Is there any possibility that the mitigation owner can get an email notification/reminder regarding the assigned mitigation controls getting expired for users in GRC 10.0?

Example: A user has been assigned a control with a validity of one year. Now, before the MC expires for that user, the mitigation owner must get an email notification (maybe 2 days before expiration or something like that) so that he/she can take the necessary action in time, such as deciding whether to extend the MC or not. If such functionality can be enabled, then please guide me with the necessary steps that need to be configured.

Thanks in advance and appreciate your inputs!

Rudra

Accepted Solutions (1)

madhusap
Active Contributor

Hi Rudra,

In Access Control, there is no automated way to identify and alert the mitigating control owners about the expiring mitigating controls for roles or users.

However, if you are using Process Control, you can define a control to monitor and report users or roles with expiring mitigating controls (e.g. 7 days in advance) to the corresponding Mitigating Control Owners.

Most clients make this an Operations & Support team task: monitor on a weekly basis to identify the controls about to expire and inform the mitigating control owners via email. This will be more like an SOP for O&S teams.

The last option is to create a program with logic defined to identify users or roles with expiring mitigating controls and send email to the corresponding control owners.

Regards,

Madhu
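
The last option in the answer above, sketched as an added example (not code from this thread or from SAP): the selection and grouping logic such a program needs, run over a constructed CSV export. The column names, addresses and sample rows are assumptions; a real program would read the assignment data from the GRC system itself and hand the messages to the site's mail relay.

```python
import csv
import io
from collections import defaultdict
from datetime import date, timedelta
from email.message import EmailMessage

# Constructed sample export of mitigating control assignments.
# Column names are hypothetical, not a GRC table layout.
SAMPLE_EXPORT = """\
control_id,user_id,risk_id,valid_to,owner_email
MC_FI_001,JSMITH,F001,2024-03-12,owner.fi@example.com
MC_FI_001,AKUMAR,F001,2024-09-30,owner.fi@example.com
MC_MM_007,LCHEN,P004,2024-03-16,owner.mm@example.com
MC_MM_007,RDIAZ,P004,2024-03-01,owner.mm@example.com
MC_HR_002,TNGUYEN,H010,,owner.hr@example.com
"""

def expiring_assignments(export_text, today, window_days=7):
    """Group assignments ending within window_days of today by control owner."""
    cutoff = today + timedelta(days=window_days)
    by_owner = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        try:
            valid_to = date.fromisoformat(row["valid_to"])
        except ValueError:
            # Missing or unreadable date: surface it to the owner, do not skip it.
            by_owner[row["owner_email"]].append((row, None))
            continue
        # Assignments that already lapsed (valid_to < today) are out of scope here.
        if today <= valid_to <= cutoff:
            by_owner[row["owner_email"]].append((row, (valid_to - today).days))
    return dict(by_owner)

def build_reminders(by_owner, sender="grc-ops@example.com"):
    """Build one reminder per owner; sending (e.g. via smtplib) is left out."""
    messages = []
    for owner, items in sorted(by_owner.items()):
        msg = EmailMessage()
        msg["From"], msg["To"] = sender, owner
        msg["Subject"] = f"{len(items)} mitigating control assignment(s) need review"
        lines = []
        for row, days in items:
            status = ("validity date missing or unreadable" if days is None
                      else f"expires in {days} day(s) on {row['valid_to']}")
            lines.append(f"{row['control_id']} / user {row['user_id']} / "
                         f"risk {row['risk_id']}: {status}")
        msg.set_content("\n".join(lines))
        messages.append(msg)
    return messages
```

Scheduled daily with `window_days` set to the lead time the owners want (2 or 7 days in this thread), each owner receives a single message listing only their own expiring assignments.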

Hello Madhu,

Initially, I too thought of achieving this with the help of a program, but later I thought that GRC might have some option to enable this functionality, which would save much of our time. Anyway, many thanks for your response 🙂

Answers (1)

RameshVithanala
Active Participant

Hi Rudra,

I agree with Madhu, there is no automated way to inform the mitigating control owners about the expiring mitigating controls for roles or users. (You are looking for something like role certification for mitigation controls :))

But the validity dates can be changed pretty easily from the frontend or backend.

We can send the control monitor alerts for the Control IDs, but that will not suffice for your requirement.

Thanks

Ramesh

Hello Ramesh,

You are right. Alerts for Control IDs will not include the expiring mitigation controls assigned to users. As part of testing, just to be sure, I tried it in our development system, but it was not fruitful. Thanks for your response 🙂