Is there a way to modify submitted attestations?

davidpong · ‎05-08-2019

Hi All,

I'm wondering if there's a way to edit or add on to a submitted attestation. Use case is that a control owner forgot to add an attachment to their attestation and it looks like the only way to turn in that attachment is by doing the whole attestation again by putting the control into draft mode and then attest mode. When I access the attestation form, everything is greyed out and I am also unable to attach anything myself.

Thanks,

David R

Shiva Thomas · ‎05-22-2019

Hi David,

From a Compliance perspective, Assessments are not meant to be editable after they have been sent.
Any workaround against this, like editing the ACL or scripting modifications via Background Scripts, would be some very dangerous door to open… it would kill confidence in the integrity of all your Assessments.

This is why, out of the box, no Admin, nor any user, can edit completed Assessments.

You can use the "Return to Draft" button on the Risk (or Control) itself, and trigger a new assessment from here. By default this option is available to users with role sn_risk.manager (or sn_compliance.manager). I know this is not ideal, as the assessment will have to be completed again, but at least this could not be considered as a form of evidences tempering.

∴
Best regards from Switzerland
Shiva :¬,

If this reply assisted you, please consider marking it 👍Helpful or ✅Correct.
This enables other customers to learn from your thread.

View solution in original post

G Balaji · ‎05-27-2019

To make my statement clear,

Custom UI action could take following inputs from control owner,

1. attestation respondent name whose attestation has to re-submitted

2. attestation(assesment) which has to be edited.

And, with above inputs, you filter the attestation and change the state of that attestation to "ready" or "wip".