During the review process, the Compliance Team assigns requirements to users in the Requirement Owner & Delegate user group. Users in this group are responsible for:
- Reviewing requirements and documenting the controls the organization has in place;
- Reviewing the issues and corrective actions for risks in the Remediation state; and
- Monitoring the impact of the requirement on the organization throughout the year for requirements in the Monitoring state.
Requirement owners and their delegates have access to the Portal application only, unless they are assigned to additional user groups or have access to other Resolver apps.