Is there a way to modify submitted attestations?

davidpong · ‎05-08-2019

Hi All,

I'm wondering if there's a way to edit or add on to a submitted attestation. Use case is that a control owner forgot to add an attachment to their attestation and it looks like the only way to turn in that attachment is by doing the whole attestation again by putting the control into draft mode and then attest mode. When I access the attestation form, everything is greyed out and I am also unable to attach anything myself.

Thanks,

David R

Shiva Thomas · ‎05-22-2019

Hi David,

From a Compliance perspective, Assessments are not meant to be editable after they have been sent.
Any workaround against this, like editing the ACL or scripting modifications via Background Scripts, would be some very dangerous door to open… it would kill confidence in the integrity of all your Assessments.

This is why, out of the box, no Admin, nor any user, can edit completed Assessments.

You can use the "Return to Draft" button on the Risk (or Control) itself, and trigger a new assessment from here. By default this option is available to users with role sn_risk.manager (or sn_compliance.manager). I know this is not ideal, as the assessment will have to be completed again, but at least this could not be considered as a form of evidences tempering.

∴
Best regards from Switzerland
Shiva :¬,

If this reply assisted you, please consider marking it 👍Helpful or ✅Correct.
This enables other customers to learn from your thread.

View solution in original post

Anurag Tripathi · ‎05-09-2019

Hi David,

Are we only talking about attachments here or other fields as well?

If it is only attachment then I would recommend just adding a check before submit to ensure attachment is added(if it is mandatory), else just a warning prompt on submit to check if the user added attachment. Sticking close to oob without major customization.

Please mark my answer correct/helpful if it helps you solve your issue.
-Anurag

-Anurag

davidpong · ‎05-09-2019

Thanks Anurag.

I'm mainly focused on attachments but if other fields are possible, that would be great as well.

Is there an option in the attestation designer I need to go into to make ensure that it is added? I have the mandatory field check on all my attachment metric values. I wish the 'Review' state of a control was truly a review state. The only thing I can really do after a control has been put into 'Review' state is to put it back to 'Draft' or put it to 'Monitor' state I believe. Doe it seem likw what I envision required major customization?

Best,

David R

Ashik3 · ‎05-20-2019

Hi David,

There is an allow retake option for attestations and assessments. I haven't tried this personally in GRC Attestation but it works in VRM. Please try and share the results 🙂

Thanks,
Ashik

Shiva Thomas · ‎05-22-2019

Hi David,

From a Compliance perspective, Assessments are not meant to be editable after they have been sent.
Any workaround against this, like editing the ACL or scripting modifications via Background Scripts, would be some very dangerous door to open… it would kill confidence in the integrity of all your Assessments.

This is why, out of the box, no Admin, nor any user, can edit completed Assessments.

You can use the "Return to Draft" button on the Risk (or Control) itself, and trigger a new assessment from here. By default this option is available to users with role sn_risk.manager (or sn_compliance.manager). I know this is not ideal, as the assessment will have to be completed again, but at least this could not be considered as a form of evidences tempering.

∴
Best regards from Switzerland
Shiva :¬,

If this reply assisted you, please consider marking it 👍Helpful or ✅Correct.
This enables other customers to learn from your thread.