and more in a single search tool across platforms. Read the announcement here. |
10/18/2023 12:57 AM
What is the function of approver for mitigation association?
When we configure mitigation control in SoD and under association when we try to add an association, it shows us to select risk and approver.
On SoD violation page, if I assign a mitigation to an open risk, it just gets closed and does not go for approval.
What is the use of approver in mitigation association? Can anyone help me
10/24/2023 08:43 AM
@rituparna_pwc In the mitigating controls page, it asks for the risk because you are globally added an association to it. The control may be used for another risk as well. Also, the approver is added over here to capture history to show who has done the pre-mitigation even before the risk is flagged.
In the SOD violations, the risks which show up are detective. You can see the user and the risk which is flagged. Hence you need not add the risk name and approver name since it is detective. Anyone with the correct SAV role permissions should be able to accept the risk.
10/30/2023 09:24 PM
Hello @sai_sp ,
Thanks for the response, but then why it says mitigation control approver? For detective SoD, if we need to apply mitigation to accept risk, does it go for approval?
10/30/2023 09:31 PM
When below option is set it goes for approval.
Remediate options
10/30/2023 09:33 PM
@rushikeshvartak , if I apply mitigation control to an open violation, it is not going for approval
10/30/2023 09:38 PM
What is config --> Remediate options ?
10/30/2023 09:41 PM
@rushikeshvartak , sorry where do I see that config?
10/30/2023 09:43 PM
global config - sod
10/30/2023 09:46 PM
@rushikeshvartak , it is set to Create Task