- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-26-2024 07:03 AM - edited 03-26-2024 07:09 AM
Hi all,
Was wondering what are best practices when it comes to creating an intake process for end-users to report organization's Cybersecurity risks&issues?
I have copuple of options in mind, but I welcome your comments with leading practices:
a) Catalog item in service portal that would collect questions and then would let fulfillers to triage the input and decide to whether create an issue[sn_grc_issue] or risk[sn_risk_risk] records?
b) Record producers:
- Record producer in service portal that would create an issue[sn_grc_issue] but not sure if this is a best practice to do it without any triaging and wonder if end-user knows the difference between risk & issue?
- Record producer in service portal that would create an risk[sn_risk_risk] but not sure if this is a best practice to do it without any triaging and wonder if end-user knows the difference between risk & issue?
c) MOST IMPORTANT option is your comments 🙂
P.S. I read also about 'Issue Triage' module, but not sure if that's the best path.
I appreciate your comments and best practices.
Thank you.
V.
Solved! Go to Solution.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-26-2024 11:45 PM
Hi @Valqe ,
Well, none of the options you have quoted is correct unfortunately.
The best fit for your use case is Vulnerability Response application , yes off course it comes with additional charges.
But your solution is like a Workaround or a tactical solution not really a Strategic Solution.
If you really want to move forward with a workaround solution, then go with Solution "a" on your question and just add a field having choice as Issue or Risk, then based on the choice you can run a flow for it's lifecycle.
Issue Triage is not a right fit.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-26-2024 11:45 PM
Hi @Valqe ,
Well, none of the options you have quoted is correct unfortunately.
The best fit for your use case is Vulnerability Response application , yes off course it comes with additional charges.
But your solution is like a Workaround or a tactical solution not really a Strategic Solution.
If you really want to move forward with a workaround solution, then go with Solution "a" on your question and just add a field having choice as Issue or Risk, then based on the choice you can run a flow for it's lifecycle.
Issue Triage is not a right fit.