Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

When a Separation of Duties policy is compiled, EmpowerID creates a review task for each policy violation it finds based on the rules applied to the policy.

For example, you can have a SoD policy with a rule that specifies that a violation should occur when any one person is assigned to both Management Role "A" and Management Role "B" at the same time. When the SoD engine runs, it checks to see if any one person belongs to both of those roles. If the engine finds people with both roles, it creates an SoD review task for each violation (one per person). These tasks can then be reviewed and remediated by anyone assigned to all of the following Access Levels:


HTML Comment
hiddentrue

the Enterprise Compliance Officer Management Role as well as anyone assigned


pages that pop up as options when i search for sod:

  • Auditor SoD Violations Closed
  • Auditor SoD Violations Open
  • Create SoD Policy
  • SODGroup
  • SODGroupGroup
  • User Tasks and Requests - SoD - Closed Violations
  • User Tasks and Requests - SoD - Open Violations

pages that pop up as options when i search for auditor:

  • (first two above)
  • Auditor Recertification Tasks Done
  • Auditor Recertification Tasks To Do
  • Auditor Recertification Tasks To Do No Approver
  • Audit Configuration Page
to all of the following Access Levels:
  • The Viewer Access Level for the page Auditor Compliance Dashboard (if you want the person to have access to the dashboard)
  • The Reviewer Access Level for the people violating the policy
  • The Reviewer Access Level for the Separation of Duties policyThe Viewer Access Level for the page Auditor Compliance Dashboard (if you want the person to have access to the dashboard)
  • The Viewer Access Level for the page Auditor SoD Violations Open page of the Auditor Compliance Dashboard (if appropriate) and/or
  • The Viewer Access Level for the page User Tasks and Requests - SoD - Open Violations page of the User Compliance Dashboard (if appropriate)


To review Separation of Duties violations


Note

If the violation occurs as a result of IT Shop requests, the violation is reported through the Workflow Tasks To Do list rather than SoD Violations. See below for details.

  1. Log in to the EmpowerID Web application as

    HTML Comment
    hiddentrue

    either a person assigned the Enterprise Compliance Officer Management Role or 

    a person with all of the above mentioned Access Levels.

  2. In the navigation sidebar, expand Compliance Management (or Tasks and Requests), then SoD Violations, and click To Do
  3. On the Open Violations page, search for the SoD Policy with violations to review and click the link for the violation in the SoD Violations grid.




    This directs you to the View page for this violation. This page lets you view details of the violation, including the assignment combinations comprising it. It also displays a set of decisions to submit to remediate the violation.



  4. From the Separation of Duties page, click the Submit Decision link beside the decision that reflects the remediation taken. These decisions include the following:
    • Acknowledged - The SoD Violation has been noted, but no corrective action has been taken by the reviewer.
    • Corrected - The SoD violation has been corrected.
    • Permitted - The SoD violation is unresolved but allowed.
    • Policy Changed - The SoD Policy has been changed to allow any exceptions to a previous version of the policy.

  5. Enter comments for the resolution and click OK.

    The SoD Policy Violation Details page updates to show the decision.

To review SoD violations resulting from IT Shop requests

  1. In the navigation sidebar, expand Tasks and Requests, then Workflow Tasks, and select Tasks To Do.
  2. Search for "SoD" and then click the arrow to the left of the SoD violation task.



  3. Click View Approval Form.



  4. On the SoD Violation Approval form that appears, in the Management Roles Requested section, select the check box next to any management role requests you want to approve, and leave the check box cleared for any management role requests you do not want to approve, and click Submit.




Div
stylefloat: left; position: fixed; top: 70px; padding: 5px;
idtoc
classtopicTOC


Div
stylemargin-left: 40px; margin-bottom: 30px;

Live Search
spaceKeyE2D
placeholderSearch the documentation
typepage


Div
stylefont-size: 1rem; margin-bottom: -35px; margin-left: 40px;text-transform: uppercase;

In this article



Table of Contents
stylenone