ISSUE: The new regulation on resilience applicable to Banks and Insurance providers call out for consistency in the criticality. The criticality is usually defined at service/process level (with RTO/MTO among other things) and then cascaded to the supporting components such as assets and third party. Currently the asset and third party can be linked to a BU but not to a process and there is not criticality feature for process.
This the extract of DORA: “[…] perform the criticality assessment of information assets and ICT assets supporting business functions. The assessment shall take into account the ICT risk related to those business functions and their dependencies on the information assets or ICT assets […] impact their business processes and activities of the financial entity.”
RECOMMANDATION: create a criticality category (Critical|Important|Non essential) in the process view. Link the processes to supporting asset and third parties and cascade the criticality to asset and process.
Happy to discuss this in more detail.
Have you tried doing this with custom fields?
1 Like
Hi Dave
This is my workaround. The problem is than it requires multiple entries of same data because modules can’t inherit custom field (if my understanding is correct). Basically criticality is defined at process level but I’d need to reenter this is asset/third party supporting this process. Plus there is not process to third party link.
these kind of changes affect many things to many people that simply dont need this, with that in mind is very unlikely for this to become a feature.
what might be a feature, maybe later this year, is that custom fields allows you to list items from other modules: Question: How do I get custom field names to work across different tabs?
Access to customised field across modules if defo a good thing.
It feels that current data model with link to BU is limiting the options. If assets and third parties could be linked to process rather than BU wouldn’t it help?
Would that be a good feature to add?
for the time being these type of changes are not in the roadmap, they are very structural, affect many things and is not a priority.