Assess the risk for the policy exception

After the review of a policy exception request and before deciding to approve or reject a request, the compliance manager may choose to request a risk assessment by the risk manager.

Before you begin

Role required: compliance manager

Procedure

  1. Navigate to Policy and Compliance > My Policy Exceptions.
  2. Select the policy exception.
  3. Review the form details, as necessary.
  4. Click the Business Impact Analysis tab and update the following fields:
    Table 1. Policy exception request Business Impact Analysis tab
    Field Value
    Risk description Enter a description of the risk.
    Residual likelihood Update this value.
    Residual impact Update this value.
    Residual score Displays the score.
  5. Perform one of the following actions:
    OptionAction
    To view or add impacted controls to the policy exception
    1. Click the Impacted Controls tab.
    2. Click Add or Add All.
    3. Choose the controls to associate to the policy exception.
    To view mitigating controls on the policy exception
    • Click the Mitigating Controls tab.
    To view or add risks to the policy exception
    • Click the Risks tab.
    Note: This option is available when Governance, Risk, and Compliance is also activated.
    To view or add approvers to the policy exception
    • Click the Approvers tab
  6. Click Update.