Question - review by score or acceptance from a CEO

Hello, is it possible that risks with a score greater than 3 must be accepted and justified by a CEO (or just another group)? This applies to every review. The review is always done by the CISO, but if the score is higher, the solutions/the review must also be confirmed/accepted by a CEO.
Or how could this be implemented?
Regards, Thomas

When reviewing risks, policies, assets there is no “approve” or “not approve” button these people click. Remember that what you do in eramba is request their “feedback”, which goes into “Comments & Attachments”.

What you can do is create a Dynamic Status that triggers when the risk settings imply a Risk Score equal to, lower than, etc. a certain number, and then use that status to trigger an email to the role you have for the CEO.

Then you set up a notification:

That will notify the CEO, and you can put in the email whatever you want, of course.

As you can see, this is just a warning (requesting or not feedback) but is not an approval workflow. The approval workflow for reviews is part of our roadmap: Product Roadmap (Last Update: 4th August)
