After creating an audit, we need to add one or more recertification policies to the Audit. We can audit or certify multiple items using an audit. For example, in a Q1 audit, we should certify an external partner and identify as well as a member of certain high-risk management roles. These items are specified in one or more recertification policies. An audit is the actual review of access rights against the company policies and regulations, so it’s necessary to add Recertification Policy that defines rules and procedures for reviewing access rights. The Instructions to create the recertification policies are provided in the doc Create Recertification Policies.
| Tip |
|---|
Key Information Audits can be used to certify multiple items, such as external partners and high-risk management roles, by incorporating multiple recertification policies into a single audit. This can be beneficial as it allows organizations to efficiently assess multiple areas of concern at once, rather than having to conduct separate audits for each item. |
In this post, we will learn how to add a recertification policy to an audit.
Add the Recertification Policy on to the Audit
You will be automatically navigated to view one Audit page once you have created an Audit. Please skip step 1 and 2, which provides instructions to open view one page if you already have it open.
Navigate to Compliance → Recertification and select the Audits tab.
To find the Audit, you can type the name in the search textbox and click on the search button to search. Click on the name of the Audit to open the ViewOne page.
Locate the Recertification Policies tab. Click on the ➕ icon to add a recertification policy to the Audit.
Select the recertification policy from the recertification dropdown. Select the fall-back assignee and click on Save.
| Tip |
|---|
Entering a number in the Ignore Any Certified within the Last X Days field is useful in situations where a previous audit closed before all recertification tasks it generated were completed. This way, managers only receive recertification tasks for any direct reports which needed to be certified in the last Audit. This setting does not completely exclude previously audited direct reports; it only excludes those access assignments that were re-certified within the specified day range. Thus, if a direct report gains access to a new resource, such as becoming the member of a new group, the Audit generates a recertification task for that new membership. |
...
| Insert excerpt | ||||||
|---|---|---|---|---|---|---|
|
...