on 03-09-2009 12:33 AM
Hi Gurus,
We are on 5.3 version of RAR,
I am creating a blanket Mitigation control to Mitigate a risk id against one role. when I run the Risk Analysis report the I found that , the risk id is mitigated for all the roles. For e.g.
The user has roles three roles A,B andC. The SOD Risk Id " R" is coming from all the three roles. I create Control M to Mitigate Risk id " R" only against Role A.
When I run the Risk analysis report the risk is mitigated for all the three roles whereas I am expecting it should be mitigated only for Role A and For Role B and C it should still show as unmitigated risk.
Is there there anything else I need to do??
Parveen
Hello Parveen,
Put * only after 7 Risk character of Risk Id and not after 4 char.
This will solve issue you are facing
Regards,
Surpreet
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Praveen,
As mentioned by Alpesh,if you want to mitigate a particular role then select that role and mititgate it. The whole purpose of blanket mitigation is to mitigate all roles against a risk at one time and avoid mitigating one role at a time.
Regards
Harleen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Praveen,
Don't put '' after the risk when you are creating mitigationg control. If you put '' after risk ID, it creates a blanket mitigating control. When you create mitigating control for particular risk, you will have to select the particular role and mitigate it.
Regards,
Alpesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.