What is the purpose of approver field in Policy exception and also the use of review state in policy exception
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-15-2022 02:25 AM
What is the purpose of approver field in Policy exception and also the use of review state in policy exception.
The approval for policy exception actually goes to the requester's manager and the control owner of the impacted control.
Then what is the purpose of the "Approver" in policy exception.
And also there is no reviewer in policy exception, so what is the use of review state.
Can anybody please help me to understand these 2 scenarios.
Thanks,
Promita.
- Labels:
-
Policy and Compliance Management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-16-2022 02:20 AM
Hi
| Field | Description |
|---|---|
| Number | Unique identification number. |
| Requester | Person requesting the policy exception, usually the control owner. |
| Approval group | Group that has the compliance manager role. You cannot edit the approval group if the policy exception reaches Review state.
If you do not provide an approval group, then the field defaults to compliance manager. Compliance manager is the default role if the policy exception is raised from any upstream application that is integrated with GRC. For example, if you raise a policy exception for a problem that is related to an incident and that problem is related to GRC. |
| Approver | User from the approval group. If the exception policy moves to the Analyze state, then you must select an approver. |
| State | State of the policy exception within the approval workflow. |
| Substate | Approval substate of the policy exception within the approval workflow. |
| Priority | Approval priority of this policy exception |
| Watch list | Users that are notified when the request is updated. |
In the review State : It's the role called compliance manager who has to Review the Policy Exception.
After reviewing a policy exception request, a compliance manager can accept or reject the request. However, if the compliance manager doesn't have enough information decide, they can request a risk assessment by the risk manager.
Refer to this link : Review the policy exception and extension request
Mark my answer correct & Helpful, if Applicable.
Thanks,
Sandeep
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-18-2022 08:59 AM
Hi
Glad to see my answer helped You.
Kindly mark the applicable answer as Correct & Helpful both such that others can get help.
Thanks,
Sandeep
