1 / 12

Workflow Enhancement

Workflow Enhancement. Predetermined approval levels – Allows the agency/company to define workflows for various findings Dynamic approval levels – Allows the user to modify the predetermined workflow on the fly to add additional approvers or reviewers. Current Workflow: Remediation Workflow.

nituna
Download Presentation

Workflow Enhancement

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Workflow Enhancement • Predetermined approval levels – Allows the agency/company to define workflows for various findings • Dynamic approval levels – Allows the user to modify the predetermined workflow on the fly to add additional approvers or reviewers

  2. Current Workflow: Remediation Workflow Total Time Elapsed: 1 Day 1 Define Mitigation Strategy 5 Days Left A mitigation strategy needs to be defined. Choose whether or not you will remediate the finding or accept the risk. If you decide that the finding cannot be remediated you will need to change the workflow to the accept risk workflow option. Assigned To: Information System Security Officer Complete Workflow Step Insert Approver Insert Reviewer Change Workflow 2 ISPS Review & Approval The information system and privacy security team should review and approve or reject the remediation plan. 3 Remediation The Information Security Manager is responsible for reviewing the remediation plan for correctness, accuracy, and appropriateness. The ISM may reject or accept the remediation plan.

  3. Current Workflow: Default Remediation Workflow Total Time Elapsed: 9 Days 1 Define Remediation Plan A remediation plan needs to be defined. Describe how the finding will be remediated and enter an estimated completion date on when the remediation will take place. If the finding cannot be remediated and you need to accept the risk you will need to change the workflow to the accept risk workflow option. Submitted by Joe Blo on 6/5/2010 2 ISPS Review & Approval 2 Days Overdue The information system and privacy security team should review and approve or reject the remediation plan. Assigned To: Information System Privacy and Security Team Approve Reject Insert Approver Insert Reviewer Change Workflow 3 Remediation The Information Security Manager is responsible for reviewing the remediation plan for correctness, accuracy, and appropriateness. The ISM may reject or accept the remediation plan.

  4. 2 ISPS Review & Approval 2 Days Overdue The information system and privacy security team should review and approve or reject the remediation plan. Approved by Joe Blo on 6/5/2010 3 Remediation 5 Days Left The Information Security Manager is responsible for reviewing the remediation plan for correctness, accuracy, and appropriateness. The ISM may reject or accept the remediation plan. Assigned To: Information Security Manager Complete Workflow Step Insert Approver Insert Reviewer Change Workflow 4 ISPS Review & Approval The Information Security Manager is responsible for reviewing the remediation plan for correctness, accuracy, and appropriateness. The ISM may reject or accept the remediation plan.

  5. Add Approver The Information Security Manager is responsible for reviewing the remediation plan for correctness, accuracy, and appropriateness. The ISM may reject or accept the remediation plan. User Search: Message to User: The Information Security Manager is responsible for reviewing the remediation plan for correctness, accuracy, and appropriateness. The ISM may reject or approve the plan. Enter Number Becomes Overdue In: Add Approver Cancel

  6. Add Reviewer The Information Security Manager is responsible for reviewing the remediation plan for correctness, accuracy, and appropriateness. The ISM may reject or accept the remediation plan. User Search: Message to User: The Information Security Manager is responsible for reviewing the remediation plan for correctness, accuracy, and appropriateness. The ISM may reject or approve the plan. Add Reviewer Cancel

  7. Workflows Workflow Name Workflow Description Actions Available Remediation Default workflow used to remediate findings. Edit | Delete Accept the Risk Used for accepting the risk to agency operations without remediating the finding. Edit | Delete Add

  8. Edit Workflow Workflow Name: Default Workflow Workflow Description: Default workflow used to remediate findings. Workflow Step Description Displayed to User Order Actions Available Define Remediation Plan A remediation plan needs to be defined. Describe how the finding will be remediated and enter an estimated completion date on when the remediat… Edit | Delete ISM Approval of Remediation The Information Security Manager is responsible for reviewing the remediation plan for correctness, accuracy, and appropriateness. The ISM may reject or … Edit | Delete Implementation Represents findings which are in implementation Edit | Delete ISM Provides Proof of Implementation The Information System Security Officer must provide proof the implementation … Edit | Delete Closed The finding is officially closed. Edit | Delete Add Workflow Step Save Changes Cancel

  9. Add New Workflow Step Select a workflow type that matches the business workflow process you require Approval – Create an approval step which requires a user role or user to approve or reject before the process continues. Review – Create an review step which requests a user role or user to review and comment on the process. A review does not hold up the business process unlike the approval process. Action – Requires a user role or user to perform an action before the workflow can continue.

  10. Add New Approval Workflow Step Workflow Step Name: ISM Approval of Remediation Description: The Information Security Manager is responsible for reviewing the remediation plan for correctness, accuracy, and appropriateness. The ISM may reject or approve the plan. Open Finding Status: Enter Number Becomes Overdue In: Add User Assigned To: Add Role Save Cancel

  11. Add New Review Workflow Step Workflow Step Name: Define Mitigation Strategy Description: A mitigation strategy needs to be defined by the system users. Open Finding Status: Enter Number Becomes Overdue In: Add User Assigned To: Add Role Save Cancel

  12. Add New Action Workflow Step Workflow Step Name: Implementation Description: Represents findings which are in implementation. Once the implementation is completed the ISM should provide proof the action was completed and submit to ISPS for approval. Open Finding Status: Estimated Completion Date Custom Becomes Overdue: Add User Assigned To: Add Role Save Cancel

More Related