If, when calculating the risk rules for a local risk, EmpowerID discovers users violating the rules (they have one or more risk functions defined by the local risk), it flags the violations and sends them to risk owners for approval, mitigation or remediation. Risk violations are logged and tracked, and risk owners are alerted to violations pending their decision. Risk owners can analyze all aspects of how the risky access was obtained and decide either to allow the risk, optionally adding mitigating controls, or to have the violation corrected and the risky access removed.
EmpowerID does not notify risk owners when premitigated violations occur. A record of the violation and the reason for the premitigation are kept for review and audit purposes.
How to view risk violations
On the navbar, expand Compliance and click Risk Management.
On the Risk Management page, select the Violations tab and then search for the risk with the violations.
Available Violation data includes the following information:
When the violation was discovered
The violator — EmpowerID distils all violations down to the person violating the rule, regardless of how they received the violating functions. For example, if numerous people belong to a role that has the function, EmpowerID will flag each person in the role as a violator to give you a full picture of the magnitude of the risk. Risk owners can view the exact assignment point that caused the person to be in violation.
Whether the violation is still active
When the risk was modified
The risk mitigator, if any
Click any link to view more information about the violation and the violator. For example, to view more information about a specific violation, click the Violation link for the record in question.
Clicking the Violation link for a violation record directs you to the Local Risk Details page for that violation. The page has a number of accordions with more details about the violation.
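The per-person attribution and the premitigation behaviour described above can be sketched as a simplified model. This is an added example, not EmpowerID code or its API; every role, function, person and field name below is constructed for illustration, and a violation is modelled, as the page states it, as holding one or more of the risk's functions.

```python
from collections import defaultdict

# Constructed sample data (hypothetical names, not taken from EmpowerID).
RISK_FUNCTIONS = {"Create Vendor", "Approve Payment"}  # functions defined by the local risk
ROLE_FUNCTIONS = {                                     # role -> functions it grants
    "AP Clerk": {"Create Vendor"},
    "Helpdesk": {"Reset Password"},
}
ROLE_MEMBERS = {"AP Clerk": ["alice", "bob"], "Helpdesk": ["carol"]}
DIRECT_GRANTS = {"carol": {"Approve Payment"}}         # person -> directly assigned functions
PREMITIGATED = {"bob": "Compensating control: monthly vendor audit"}


def find_violations():
    """Return one record per person, listing every assignment point that caused it."""
    points = defaultdict(list)
    # Flatten role-based access: each member of a role holding a risk function is a violator.
    for role, funcs in ROLE_FUNCTIONS.items():
        for func in sorted(funcs & RISK_FUNCTIONS):
            for person in ROLE_MEMBERS.get(role, []):
                points[person].append((func, f"role:{role}"))
    # Direct assignments count the same way, but keep their own assignment point.
    for person, funcs in DIRECT_GRANTS.items():
        for func in sorted(funcs & RISK_FUNCTIONS):
            points[person].append((func, "direct"))
    violations = []
    for person in sorted(points):
        reason = PREMITIGATED.get(person)
        violations.append({
            "violator": person,
            "assignment_points": points[person],
            "premitigated": reason is not None,
            "premitigation_reason": reason,  # kept for review and audit
        })
    return violations


def violators_needing_notification(violations):
    """Premitigated violations are recorded but do not trigger a risk-owner alert."""
    return [v["violator"] for v in violations if not v["premitigated"]]


if __name__ == "__main__":
    found = find_violations()
    for record in found:
        print(record)
    print("alert risk owners about:", violators_needing_notification(found))
```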