Create a business process in the Risk Workspace

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read

    • Create a business process in the Risk Workspace and define the owners, approvers, business criticality, and review frequency for the process.

    Before you begin

    Role required: Enterprise architect or service owner or itil

    About this task

    When you create a business process, it is important to ascertain the CIA triad. CIA triad refers to confidentiality, integrity, and availability. The CIA triad is a common model that forms the basis for the development of security systems and policies. These are used for the identification of vulnerabilities and methods for addressing problems and creating solutions.

    Procedure

    1. Navigate to All > Risk Workspace > Lists > Business Processes.
    2. Click Create New.
    3. On the form, fill in the fields.
      Table 1. Business Process form
      Field Description
      Name Name of the business process.
      Description Description of the business process.
      Parent Parent business process, if it exists, to create a hierarchy of business processes.
      Review frequency Frequency for reviewing the business process.
      Ownership
      Life cycle stage Stage of record in the business life cycle. The stage determines the status and displays the actions. This field is automatically set to Ideation when you save the form for a process in Draft state.
      Managed by group Group that maintains the business process.
      Approval group Group that must review and approve the business process.
      Owned by User responsible for the business process. This user is a member of the Managed by group.
      Life cycle stage status Status of business process within the life cycle stage. This field is automatically set to Under Evaluation when you save the form for a process in Draft state.
      Next review date Planned date on which the business process must be reviewed. The value in this field is automatically set only after the business process is approved.
      Description Short description of the business process. The description can include the background, the actual steps, and the interaction of the process.
      Business Impact
      Business criticality declared Criticality of the business process based on your subjective assessment. The choices are:
      • 1- most critical
      • 2- somewhat critical
      • 3- less critical
      • 4- not critical
      Business criticality determined Computed criticality of the business process based on the assessment of the sub-processes. The choices are:
      • 1- most critical
      • 2- somewhat critical
      • 3- less critical
      • 4- not critical
      CIA triad
      Impact to confidentiality Risk rating for the risk of loss of confidentiality for the process. The choices are:
      • High
      • Medium
      • Low
      Impact to integrity Risk rating for the risk of impact to integrity for the process. The choices are:
      • High
      • Medium
      • Low
      Impact to availability Risk rating for the risk of loss of availability for the process. The choices are:
      • High
      • Medium
      • Low
    4. Right-click and save the form.
      The record moves to the Draft state.