Review the policy exception and extension request using the Compliance Workspace
After reviewing a policy exception request using the Compliance Workspace, a compliance manager can accept or reject the request. However, if the compliance manager doesn't have enough information to decide, they can request a risk assessment by the risk manager.
Before you begin
Role required: sn_compliance.manager
Procedure
- Navigate to .
-
In the Compliance Workspace, click the List icon (
).
- Click All policy exceptions in the Policy exceptions list.
- Click the link to the policy exception record in the Name column.
-
Perform one of the following actions.
Option Action To view or add impacted controls to the policy exception - Click the Impacted Controls tab.
- Click Add or Add All.
- Choose the controls to associate to the policy exception.
To view mitigating controls on the policy exception Click the Mitigating Controls tab. To view or add risks to the policy exception Click the Risks tab. Note:This option is available when Risk Management plugin is also activated.To view or add approvers to the policy exception Click the Approvers tab. To request extension - Click the Request extension button in the Details tab.
- Select a valid date that is later to the Valid to date in the Extension date field.
- Select a reason from the list in the Extension reason field.
- Enter relevant information, if any, in the Additional comments field.
- Click the Request button.
-
Perform one of the following actions.
Option Action To request additional information before approval This is an approver's task.
Select More (...) icon and select Request more information. An email notification is sent to the requester that the policy exception request was approved and goes into effect.
To provide additional information requested by approver This is a requester's task.
After making changes to the policy request, select Send Information to provide additional information requested by approver. Note:When an approver requests for additional information, the state changes to Analyze and substate to Awaiting requester information.To approve the policy exception -
Click Approve.
The Approve exception request dialog appears.
- Review the summary, optionally add additional comments, and select Confirm.
An email notification is sent to the requester that the PER was approved and goes into effect.
To reject the policy exception -
Click Reject.
The Reject exception request dialog appears.
- Review the summary, add the mandatory additional comments, and select Confirm.
If the Additional comments field is empty, you cannot reject the extension request.
An email notification is sent to the requester that the PER was rejected and the request is closed.
To approve the policy extension -
Click Approve Extension.
The Approve extension request dialog appears.
- Review the summary, optionally add additional comments, and select Confirm.
An email notification is sent to the requester that the extension request was approved and goes into effect.
To reject the policy extension -
Click Reject Extension.
The Reject extension request dialog appears.
- Review the summary, add the mandatory additional comments, and select Confirm.
If the Additional comments field is empty, you cannot reject the extension request.
An email notification is sent to the requester that the extension request was rejected and the request is closed.
To request a risk assessment on the policy exception Click Request Risk Assessment.
An email notification is sent to the risk managers group.
Note:This option is available when Risk Management is also activated.To request business owner approval Click Request Business Owner Approval .
An email notification is sent to the business owner.
-
- Click Update.