on 06-13-2012 9:31 AM
Hello Experts,
Today we perform our mitigation review process manually. We send emails to all the control owners and request to review the control documents and the users assigned to the controls. I am thinking of using the workflow for SOD review process. Which is more automated. From my understanding of the standard workflow in GRC10, we maintain owners for the risks, and the emails are sent to the risk owners to review the mitigating controls and the users assigned to the controls. Since we have a lot of control owners for a given risk. The standard workflow woud not work. I am thinking of using BRF+ rule to create a decision table with the mitigating control number (vs) mitigating control owner. Is there a way i can build a BRF+ rule for mitigating control owners in GRC10 and use it as a agent rule instead of the standard agents in the SOD review processID?
I am not sure if it is possible. Would like to get some insight from the experts here.
Thanks for responding,
Thanks,
Raghav
Hi Raghav,
You should be able to create a custom agent rule for this in the same way that you would with the standard Access Request Process.
I've looked at doing it myself to be able to have more fit for purpose approval for this process but haven't got that far with it!
I'm not sure how it aligns with the standard configuration parameters 2006 and 2018 but give it a go and see how the workflow behaves! I believe that it should take the workflow configuration over the configuration parameters but we'll see.
Simon
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.