Use of Exempt Flag in Control

SanjivMeher · ‎04-28-2020

Hello Experts,

We have this flag exempt. But I am not sure what is the business use of this.

I know that if issue is accepted, an exception needs to be created. But Who sets the exempt flag?

What happens if exempt flag is checked? Does it not generate indicator tasks if exempt is checked?

How does it get unchecked? Will closing an exception uncheck it automatically and move it back to attest?

Please mark this response as correct or helpful if it assisted you with your question.

SanjivMeher · ‎05-28-2020

Yes. From what I understood, OOB Servicenow doesn't restrict indicator tasks to be created, when control is exempt. But it should and we will have to make changes to the scheduled job/script include to not create indicator task when exempt is true.

Please mark this response as correct or helpful if it assisted you with your question.

View solution in original post

Phil Swann · ‎04-29-2020

>> We have this flag exempt. But I am not sure what is the business use of this.

>> I know that if issue is accepted, an exception needs to be created.

An exception does not NEED to be created, it is optional and Policy Exception can take responsibility for setting/unsetting the exempt flag.

>> But Who sets the exempt flag?

During Review and Monitor state the control will be read-only, hence it is best to let Policy Exception take care of this.

>> What happens if exempt flag is checked?

As Gowrisankar has stated, the business rule will handle skipping of attestation.

>> Does it not generate indicator tasks if exempt is checked?

I don't believe that the indicator tasks are affected.

>> How does it get unchecked?

When a PER is closed.

>> Will closing an exception uncheck it automatically and move it back to attest?

Yes,..

SanjivMeher · ‎04-29-2020

Thanks Phil.

But if there is an exception for lets say 6 months and it is a monthly indicator, should it still create indicator tasks?

And if the issue is generated from an indicator failure, and an exception is created from the issue, why should the attestation skip? infact why would someone send it for attestation again, if there is an exception.

Please mark this response as correct or helpful if it assisted you with your question.

Phil Swann · ‎04-29-2020

Is this a question about indicator tasks based on some unknown behaviour, or is it that you want it to behave differently? It is a good topic - and I need to drill back in but wont be able to do so until next week probably.

Attestation might skip because of automated behaviour from Monitor to Attest; but also if it is picked up in List Actions perhaps... I don't think it is build purposely to go through Attest while Exempt, moreover if it is Exempt and it happens to move through Attest then it will skip. Subtle difference maybe?

SanjivMeher · ‎04-30-2020

Thats a question. Why exempt works for attestation, but not for indicator tasks.

Someone would mark a control exempt, only when there is an exception. I can't think of any other use case where we would mark it exempt.

Now If a control is marked exempt, It shouldn't create indicator task also until exempt is unchecked.

Otherwise it doesn't make sense. It will keep creating indicator tasks for the control, even if an exception is created. And the owner can't do anything about the indicator task except marking the remediation as Accept, which again will create another issue. Now you can add all the issue under one issue, but that becomes a manual work.

Please mark this response as correct or helpful if it assisted you with your question.

Phil Swann · ‎04-30-2020

Yes this needs some attention. But if you mark issue as Accept and keep it in Respond, do not close - failed indicators should not create a new issue. If the issue was generated by an Attestation; and thats why it failed - then until an Attestation passes the issue will remain open (unless you manually close). If indicators fail, the source of the issue will be updated - and when they pass will be removed. So if either is failing - the issue remains open, until none are failing!

However, that does not address the fact that Indicator Tasks are being generated. I hope I can look at this more for you unless someone else has the answer.