Requirement owners are responsible for documenting issues and ensuring their business unit complies with their assigned requirements by creating new controls or selecting existing controls from the library. Once users in the group have completed their tasks, the requirements are then sent to the Compliance Team for review.
All assigned requirements appear on the My Tasks page.
To review requirements:
Log into a user account that's been added to the Requirement Owner & Delegate user group to display the My Tasks page.
Click a requirement to display the Assess Risk form.
Click + in the Review Requirement Details section to review the requirement's details.
In the Review Inherent Risk Assessment section, select the appropriate rating in the Inherent Impact field. Repeat this process for the Inherent Likelihood field to generate an Inherent Risk Score.
In the Control Documentation section:
Click Add Existing Controls to open the Add Existing Controls dialog.
Begin typing in the search bar to search for existing controls. If any of the controls are applicable to the requirement, click Add.
Optional: If you wish to add the version of a control that being used by an assessment in another application or business unit, click Assessments and then Add next to the assessment you wish to share with.
Select the combined effectiveness of the controls from the Control Effectiveness select list.
In the Residual Risk section, select the appropriate rating in the Residual Impact field. Repeat this process for the Residual Likelihood field to generate an Residual Risk Score.
In the Document Issues section:
Click Add Existing Issues, begin typing keywords in the search bar to display a list of existing issues, then click +Add next to each desired issue.
Optional: To create a new issue from scratch, click + Create New to open the Create a New Issue palette and fill in the required fields. See the Review an Issue article for more information.
Optional: Click View Requirement Profile to view this requirement's Requirement Profile report. This report summarizes all information about the requirement as well as its attached controls and issues.
Click one of the following buttons:
Submit for Compliance Team Review: Send the completed requirement to the Compliance Team. The Compliance Team will receive an email notifying them that the requirement has been sent to them for review.
Return to Compliance Team: If the requirement was assigned to you in error, add comments to the Comments box, then click this button to return the requirement to the Compliance Team.