GRC- Attestations that have reset to draft based on making a change to the Control

Meehan76
Kilo Contributor

After making a change to some control objectives (classification), it has set the controls back into draft state. How can I move these in bulk back to review and monitor state and keep frequency the same from the initial attestation date?

Thanks 


Community Alums
Not applicable

Hi Meehan76,

That happens due to the business rule Cascade Changes (/nav_to.do?uri=sys_script.do?sys_id=bfbc765b53001200dca62a9ca11c08b7). Every time you change the "name", "description", "reference", "category", "type", "classification" or "attestation" in a Control Objective, all the changes will be cascaded and the Control will move back to "Draft".

There are a few ways to skip "Assess", but why would you want that?
If you changed the Control Objective, is the Control still meaningful?

If your answer is "Yes",

// Load the Control by sys_id and only update it if the record was found.
var grControl = new GlideRecord('sn_compliance_control');
if (grControl.get('PASTE_CONTROL_SYS_ID_HERE')) {
    var msg = "The control was moved manually to Monitor to avoid the business rule Cascade Changes.";
    grControl.setValue('comments', msg); // leave a note explaining the manual state change
    grControl.setValue('state', "Monitor");
    grControl.update();
}

Something that goes unnoticed - if you clean the attestation field, the system moves the Control automatically from "Draft" to "Respond" if you try to "Assess". Did you know that?

If your answer is "No", you should attest again - the system has been strategically designed to prevent this kind of issue.

Phil Swann
Tera Guru

It is possible to use the 'Attest' UI Action from the list action (up to 100 at a time!). I wouldn't suggest opening up the ability to bypass lifecycle stages.

One option is to build a solution to pre-populate answers from attestations based on the previous one. This may not be favourable (to avoid copy & paste errors), but it is possible and allows a to-ing and fro-ing between Attester and Reviewer if so desired...

Another thing, to prevent this bulk change from Control Objective (as Raf says, cascade changes BR), is to lock down your Control Objectives using a Policy record! This is very important to consider, as there is no warning when you update a Control Objective that all of its Controls will be set back to Draft (even those which are Retired... (a different topic))

Eric Feron
Moderator

Hi @Meehan76, did you get this resolved? Thanks.