Mitigation is the process by which you recognize a risk but allow it, choosing instead to actively mitigate it with checks and balances procedures. In EmpowerID you achieve this through the use of mitigating controls. Mitigating controls are objects that you define at a global level and associate with global risks. Once associated with global risks they become available for mitigating local risks and can be used for mitigating specific violations to those risks.
How to create a mitigating control
On the navbar, expand Compliance and click Risk Management.
On the Risk Management page, select the Mitigating Controls tab and then click the Add New Mitigating Control button.
Enter the following information in the dialog that appears:
Name — Enter a name for the risk that matches the global function the to which the risk applies. For example, if you have a function named Create Azure Groups and you are creating a global risk for that global function, a best practice would be to name the risk Create Azure Groups.
Display Name — Enter a display name for the risk. Display names are friendly names that appear in the user interface
Description — Enter a description for the risk
Control Type — Select System Processed or User Processed.
Location — Click the Select a Location link and then search for and select a creation location for the risk
Click Save to create the control.
The new mitigating control can now be added to risk policies as needed.