Approval process on policy exception

Dhruv Gupta1
Kilo Sage

Hi team,

I have three questions regarding policy exceptions:

  • How is the approval process for policy exceptions controlled in GRC? What if I want to modify the default OOB behavior so that, if there is no approval rule configured, instead of going to the requester's manager and control owners it goes to someone else, maybe a default group?

  • How do I make the requester's manager perform the task at the review state, i.e. filling in the risk assessment, instead of anyone having the compliance manager role?

  • How do I modify the default approval group?

@Phil Swann, @Jan Spurlin need your guidance here!!

1 ACCEPTED SOLUTION

Phil Swann
Tera Guru

@Dhruv Gupta the workflow has moved to Flow Designer.

Type sn_compliance_policy_exception.CONFIG in the navigator and you will see everything, including two flows.

As per the previous version, the initial 'Request Approval' is for the Requester to submit it into the process formally. Then the 'Approver' is actually the assigned_to, who is responsible for taking it through the process.

Risk Management has been de-coupled, but still exists without dependency on GRC: Risk Management.

We still see Risks associated with the Impacted Controls, and the remaining Mitigating Controls which support those risks.

There are two new areas: Verification Rule and Approval Rule, which I am going to drill into further - but hopefully this answers your first question! (How is it controlled?) = Flow Designer.

The second question is a broader one, and tricky because there is only a single state before Analyze. AND because PER is natively exposed on the Service Portal and there are limitations with client-callable UI Actions on SP. If you check the UI action for 'Request Review' you can see how this uses client-side validation first, and then triggers server-side if it passes. This approach would work, but not for SP. Consider that.

Thirdly, the Flow Designer will show you an action called 'get default approvers for policy exception' which makes a call to the following API: new sn_compliance.PolicyException().getImpactControlOwners()

Hope this helps!! Lots of new stuff on PER in V10.1 and very nice to see FD being adopted within the baseline functionality.

9 REPLIES

That's strange, I am also in Orlando but the workflow is there:

The workflow is also there: Policy exception business owner approval

Try creating a new instance; maybe because you had played around, when you updated it got out of the update process.

Platform version does not necessarily indicate the GRC version, please refer to the plugins. The latest version for GRC is V10.1, e.g:


Yupp. I will check on that. I totally missed that it could be in Flow Designer as well. Thanks once again 🙂