07-20-2020 12:08 AM
Hi team,
I have three questions in regards to policy exception:
- How is the approval process for policy exception controlled in GRC? What if I want to modify the default OOB behavior so that, if there is no approval rule configured, instead of going to the requester manager and control owners it goes to someone else, maybe a default group?
- How to make the requester manager perform the task at review state, i.e. filling the risk assessment, instead of anyone having the compliance manager role?
- How to modify the default approval group?
Labels: Policy and Compliance Management
07-22-2020 12:14 AM
Type sn_compliance_policy_exception.CONFIG in the navigator and you will see everything, including two flows.
As per the previous version, the initial 'Request Approval' is for the Requester to submit it into the process formally. Then the 'Approver' is actually the assigned_to, who is responsible for taking it through the process.
Risk Management has been de-coupled, but still exists without dependency on GRC: Risk Management.
We still see Risks associated with the Impacted Controls, and the remaining Mitigating Controls which support those risks.
There are two new areas: Verification Rule and Approval Rule, which I am going to drill into further - but hopefully this answers your first question! (How is it controlled?) = Flow Designer.
The second question is a broader one, and tricky because there is only a single state before Analyze. AND because PER is natively exposed on the Service Portal and there are limitations with client callable UI Actions on SP. If you check the UI action for 'Request Review' you can see how this uses client side validation first, and then triggers server-side if it passes. This approach would work, but not for SP. Consider that.
Thirdly, the Flow Designer will show you an action called 'get default approvers for policy exception' which makes a call to the following API: new sn_compliance.PolicyException().getImpactControlOwners()
Hope this helps!! Lots of new stuff on PER in V10.1 and very nice to see FD being adopted within the baseline functionality.

07-20-2020 01:02 AM
Hi,
- How is the approval process for policy exception controlled in GRC? What if I want to modify the default OOB behavior so that, if there is no approval rule configured, instead of going to the requester manager and control owners it goes to someone else, maybe a default group?
We have done some modifications to this process where we have one centralised group which approves along with the impacted control owners as well as the Requester manager, so that the centralised group is aware of the exceptions and helps auditors and risk managers.
- How to make the requester manager perform the task at review state, i.e. filling the risk assessment, instead of anyone having the compliance manager role?
Any specific use case for this? Because this is how it works baseline and as you are well aware we have to maintain this for the whole lifecycle of the tool.
- How to modify the default approval group?
The Business Rule called "Default Assignment Group" does this.
Thanks,
Ashutosh
07-20-2020 04:18 AM
Hi Dhruv,
How is the approval process for policy exception controlled in GRC? What if I want to modify the default OOB behavior so that, if there is no approval rule configured, instead of going to the requester manager and control owners it goes to someone else, maybe a default group?
This is defined in the workflow and the script include:
1. Workflow: Policy exception business owner approval.
Open the Approval User activity and you will see that the requestor's manager is hard-coded in the users field, and the control owners are fetched from the script include that is mentioned in the script section:
The script include call is: new sn_compliance.PolicyException().getImpactControlOwners(current);
Approval User Activity:
highlighted is the requestor's manager
Script Include part:
Open the Script include: PolicyExceptionBase
Search for function : _getImpactControlOwners
If you need to modify this, then you have to change the approval in this Approval User activity (if static, add it directly); if not static, then call the script include and update it there.
How to modify the default approval group?
This you can update here in this activity.
Thanks,
CB
07-20-2020 04:25 AM
Bro, I am on Orlando and it has changed; there is no such workflow. And that is the part of confusion....

07-20-2020 04:29 AM
Right. You can check the UI Action: Request Approval
Thanks,
Ashutosh