Assess risk for a policy exception
After the review of a policy exception request and before deciding to approve or reject a request, the compliance manager may choose to request a risk assessment by the risk manager.
Before you begin
Role required: compliance manager
About this task
For more information, see Manage policy exceptions and extensions.
Procedure
- Navigate to All > Policy and Compliance > My Policy Exceptions.
- Select the policy exception.
- Review the form details, as necessary.
-
Click the Business Impact Analysis tab and update the following fields:
Table 1. Policy exception request Business Impact Analysis tab Field Value Risk description Description of the risk. Residual likelihood Likelihood of the risk occurring. If it is not None, select the likelihood of this risk occurring: - 5 — Extremely Likely
- 4 — Likely
- 3 — Neutral
- 2 — Unlikely
- 1 — Extremely Unlikely
Residual impact Residual impact of the risk. If it is not None, select the residual impact of this risk: - 5 — Very High
- 4 — High
- 3 — Moderate
- 2 — Low
- 1 — Very Low
Residual score Value calculated after you select a residual likelihood and residual impact rating: - 5 — Very High
- 4 — High
- 3 — Moderate
- 2 — Low
- 1 — Very Low
-
Perform one of the following actions.
Option Action To view or add impacted controls to the policy exception - Click the Impacted Controls tab.
- Click Add or Add All.
- Choose the controls to associate to the policy exception.
To view mitigating controls on the policy exception Click the Mitigating Controls tab.
To view or add risks to the policy exception Click the Risks tab.
Note:This option is available when Governance, Risk, and Compliance is also activated.To view or add approvers to the policy exception Click the Approvers tab.
To view or add task service level agreements to the policy exception Click the Task SLAs tab.
- Click Update.