Hi All,
We are currently on GRC 10.1 SP15.
The risks are set up as critical and non-critical and the mitigation policy is setup in such a way that the critical risks are routed to risk owner and the non-critical risks are not.
This works successfully for technical roles. However, when business roles are selected in the request the mitigation policy does not work. The roles part of the business roles are assigned even though there are risks.
Please let me know if I am missing something here.
Thank you.
Best Regards,
Praman Mulay
Bluesky
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.