After the review of a policy exception request and before deciding to approve or
reject a request, the compliance manager may choose to request a risk assessment by the risk
manager.
Role required: compliance manager
-
Navigate to .
-
Select the policy exception.
-
Review the form details, as necessary.
-
Click the Business Impact Analysis tab and update the following fields:
Table 1. Policy
exception
request
Business Impact Analysis
tab
| Field |
Value |
| Risk description |
Enter a description of the risk. |
| Residual likelihood |
Update this value. |
| Residual impact |
Update this value. |
| Residual score |
Update this value. |
-
Perform one of the following actions:
| Option | Action |
|---|
| To view or add impacted controls to the policy
exception |
- Click the Impacted Controls tab.
- Click Add or Add
All.
- Choose the controls to associate to the policy exception.
|
| To view mitigating controls on the policy exception |
- Click the Mitigating Controls tab.
|
| To view or add risks to the policy exception |
Note: This option is available when Governance, Risk, and Compliance is
also activated.
|
| To view or add approvers to the policy exception |
|
-
Click Update.
