Process to "cancel" a VTA (internal Assessment) record in GRC
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
In our current process, we trigger a VTA (internal assessment) based on certain stages in our third party process. We are using the GRC module today. One challenge we have always had is the ability to "cancel" a VTA. When we built our process, our Third Party admins, were provided the ability to delete the VTA in the scenarios the VTA was not required or needed. This was due to not having a "cancel" state to move the VTA too.
Recently, our platform team did an update to the Security Scorecard plugin and the ability to delete a VTA was removed. Which is now causing process issues with the workflow and our customers.
What solution has other teams put in place to put a VTA in a state that it is no longer "Awaiting a Response" and is no longer required to be completed, without deleting the VTA.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
A common solution is to introduce a custom “Cancelled,” “Not Required,” or “Closed – No Action Needed” state in the VTA workflow instead of deleting the assessment. This allows the VTA to move out of “Awaiting Response” while maintaining audit history and workflow integrity. Many teams also add a business rule or automation to close related tasks and prevent further notifications once the VTA is marked as no longer required.
