Review the policy exception and extension request
After reviewing a policy exception request, a compliance manager can accept or reject the request. However, if the compliance manager doesn't have enough information decide, they can request a risk assessment by the risk manager.
Before you begin
- For Requester:
- sn_grc.business_user
- sn_grc.business_user_lite
- sn_compliance.policy_exception_employee_user
- For Approver:
- sn_compliance.manager (sn_compliance_ws.corporate_compliance_manager)
- sn_compliance.policy_manager
Procedure
- Navigate to .
- Select the policy exception.
-
Perform one of the following actions.
Option Action To view or add impacted controls to the policy exception - Select the Impacted Controls tab.Note:You can add a single control objective if your Source type is Control objective. However, if your Source type is Controls, then you can select multiple controls from different control objectives. For more information, see Request a policy exception.
- Select the Add or Add All buttonto add the manually created controls.
- Choose the controls to associate to the policy exception.
To view mitigating controls on the policy exception Select the Mitigating Controls tab.
To view or add risks to the policy exception Select the Risks tab.
Note:This option is available when Risk Management plugin is also activated.To view or add approvers to the policy exception Select the Details tab.
Note:For approvals, Approver and Risk rating fields are mandatory. Select an approver from the approval group. For example, if the approver group is Compliance Managers, then select one of the managers belonging to the Compliance Managers group.To request extension - Select the Request extension button in the Details tab.
- Select a valid date that is later to the Valid to date in the Extension date field.
- Select a reason from the list in the Extension reason field.
- Select the extension reason.
- Enter relevant information, in the mandatory Additional comments field.
- Click the Request button.
- Select the Impacted Controls tab.
-
Perform one of the following actions.
Option Action To request additional information before approval Select More (...) icon and select Request more information.
An email notification is sent to the requester that the policy exception request was approved and goes into effect.
To provide additional information requested by approver Select Send Information To provide additional information requested by approver. Note:When an approver requests for additional information, the state changes to Analyze and substate to Awaiting requester information.To approve the policy exception Select Approve.
An email notification is sent to the requester that the policy exception request was approved and goes into effect.
To reject the policy exception Click Reject.
An email notification is sent to the requester that the policy exception was rejected and the request is closed.
To approve the policy exception extension Select Approve Extension.
An email notification is sent to the requester that the policy exception extension request was approved and goes into effect.
To reject the policy extension Select Reject Extension.
An email notification is sent to the requester that the extension request was rejected and the request is closed.
To request a risk assessment on the policy exception Select Request Risk Assessment.
An email notification is sent to the risk managers group.
Note:This option is available when Risk Management is also activated.To request business owner approval Select Request Business Owner Approval .
An email notification is sent to the business owner.
- Click Update.