After the review of a policy exception request and before deciding to approve or
reject a request, the compliance manager may choose to request a risk assessment by the risk
manager.
Role required: compliance manager
-
Navigate to .
-
Select the policy exception.
-
Review the form details, as necessary.
-
Click the Business Impact Analysis tab and update the following fields:
Table 1. Policy
exception request Business Impact Analysis tab
Field |
Value |
Risk description |
Enter a description of the risk. |
Residual likelihood |
Update this value. |
Residual impact |
Update this value. |
Residual score |
Displays the score. |
-
Perform one of the following actions:
Option | Action |
---|
To view or add impacted controls to the policy
exception |
- Click the Impacted Controls tab.
- Click Add or Add
All.
- Choose the controls to associate to the policy exception.
|
To view mitigating controls on the policy exception |
- Click the Mitigating Controls tab.
|
To view or add risks to the policy exception |
Note: This option is available when Governance, Risk, and Compliance is
also activated.
|
To view or add approvers to the policy exception |
|
-
Click Update.