Issue owners and their delegates are responsible for ensuring issues are assigned an appropriate corrective action. Once an issue owner has reviewed an issue, it's sent to the Security Assessment Team for further review.
To review an issue:
Log into an account added to the Issue Owner & Delegate user group to display the My Tasks page.
- Click an issue to display the Issue Overview form.
- Edit the following fields, as needed:
Issue Name: Enter a name for the issue.
- Description: Enter a description of the issue.
- Issue Owner: Begin typing usernames, then select the user who will be responsible for this issue.
- Issue Delegate: Begin typing usernames, then select the user who will be responsible for this issue in the event the issue owner is unavailable.
- Date Identified: Select the date the issue was identified from the calendar dropdown.
- Identified By: Select the team or user who identified the issue.
- Due Date: Select the issue's due date from the calendar dropdown.
- Issue Type: Select an available issue type.
- Issue Resolution Date: The date that the issue was resolved.
- Priority: Select the issue's priority.
- Recommendation: Type in the steps you believe the organization should take to remediate the issue.
- Management Response: Enter a response summarizing management's action to remediate the issue.
- In the Corrective Actions section, an existing corrective action can be added by clicking Add Existing Corrective Actions, typing its name in the search bar, and selecting it. To create a new corrective action from scratch, click + Create New and fill in the required fields. See the Review a Corrective Action article for more detailed information on filling out this form.
- Optional: Add comments, as needed.
- Click Submit for Review to send the issue to the risk team.