An Approver must mitigate any risk violations before approving a Request. The Mitigation tab allows you to resolve risk violations by allowing exceptions to the rules that were defined in Risk Analysis and Remediation.
The Mitigation tab displays the risks that are mitigated and details about the mitigation controls. There are three flags on the Mitigation tab:
The red flag indicates that there are risk violations associated with the request that have not been assigned a mitigation control.
The green flag indicates that there are no risk violations associated with the request or that all the risks that were identified have been mitigated.
The yellow flag indicates that there are violations with associated mitigation controls.
The Mitigation tab displays the following information:
Item |
Description |
---|---|
System |
The system in which the risk and mitigation controls are assigned. |
Risk Description |
Describes the risk. |
Control ID |
The unique number that identifies the mitigation control. |
Functional Area |
Area for the risk that is configured in Risk Analysis and Remediation. |
Approver |
The user name of the mitigation control approver. |
Valid From |
The date from which the mitigation control is valid. |
Valid To |
The date until which the mitigation control is valid. |
On the Mitigation screen, you can:
Create a new mitigation control for a specific risk violation.
Assign an existing mitigation control to a specific violation.
Note
Creating mitigation controls is a sensitive function that should only be available to selected persons. For more information, see application help documentation for Risk Analysis and Remediation.