
Mitigation control workflow for AC10

Former Member

We are configuring the Mitigation control workflow during the implementation of AC 10.

I would like to know whether it's mandatory to have the workflow for the Mitigation approver and monitor. As per the implementation team there is no requirement for them, as this is not covered during the ramp-up. But I think it should be mandatory to have the mitigation approval workflow so that all mitigated risks are approved before mitigating. Otherwise, a security admin can mitigate any risk and complete the request.

Please advise.


Answers (1)

Former Member

Hi,

Even though they are not mandatory, it is always good to have the Mitigation approver and monitor in the workflow, if you wish to mitigate the risks before they are assigned. However, in some situations, the roles will be assigned to the users without mitigating them (if they are only required for a few days).

If you don't maintain the mitigation approver and monitor in the workflow, they have to be managed manually from RAR.

Regards,

Raghu

Former Member

Raghu, Thanks for the reply.

So it means that if we do not have the approval workflow for mitigation control, then there is no importance in maintaining the mitigation approver, as there will be no workflow to send them the request for approval. The security team can mitigate any risk by creating mitigation controls.

Former Member

Yes. But, as mentioned, it is always a recommended approach to include them in the workflow. There are pros and cons; I bet this is an ongoing debate. Some feel it's worth enabling them in the workflow, and some feel that it can be managed at a different level.

Best Regards,

Raghu

Former Member

So if I find a risk while performing a risk analysis, how can I send the request to the mitigating approver on whether to mitigate the risk or not, as there is no workflow configured for mitigation approval?

I mean, as security admins we want to mitigate a risk, but we want to get the approval from the mitigating approver; do we need to send the risks separately via email and get the approval for mitigation?

Former Member

Hi,

Yes. It will be a manual process. In some organizations, risk identification and mitigation will be performed manually by the business process owners, which means in reality there will not be any risks that pop up in CUP or RAR, since they are already mitigated for the user.

If you don't want to enable the mitigation process in the workflow, you have to do it and record the evidence manually.

Hope this answers.

Regards,

Raghu