Define policy exception verification rules

Yokohama Governance, Risk, and Compliance

Release

yokohama

ft:locale

en-US

ft:publication_title

Yokohama Governance, Risk, and Compliance

ft:clusterId

grc

bundleId

grc

workflow

Technology

Define policy exception verification rules

Release version: Yokohama

Updated January 30, 2025

1 minute to read

The verification rule is used to verify the accuracy and completeness of a policy exception request prior to sending it out for approvals. You can define multiple levels of approvers for an application.

Before you begin

Role required:

sn_compliance.manager to create the policy exception verification rules
survey_reader to review and verify the questionnaire

About this task

Defining verification rules is an optional step. If you do not define verification rules or define them and do not activate them, approvals from the requester's team will not be required.

Procedure

Navigate to All > Policy and Compliance > Policy Exceptions > Verification Rule.
Click New.

On the form, fill in the fields.

Table 1. Approval Configuration form
Field	Description
Type	Defaults to Verification Rule.
Name	Enter a name for this approval configuration.
Short description	Provide a brief description of the purpose of the configuration.
Source application	Select the application for that applies to this verification rule. Only applications that have been previously added to the Integration Registry are listed.
Active	If this is selected, this verification rule is active and the requester will have the option of requesting an initial approval prior to sending it to the compliance manager for approvals.

Click Update.

The Approver Levels related list appears. This related list allows you to define multiple approver levels for a rule. One or more users, or a group of users can be selected as approvers for each level. Approvers must be assigned the survey_reader role. You can make it mandatory for all selected users to approve the exception or optionally allow a single user to approve on behalf of all approvers.
Click Submit.
When the policy exception record transitions to the Pending Verification state, the designated approvers are notified that their approval is required. If any fields in the policy exception request were not filled in by the requester (for example, the Policy or Control Objective), those fields become mandatory for the approvers. When the approvers have reviewed, completed, and approved the request, it transitions to the Analyze state and is assigned to the compliance manager for further analysis and approval.