Disabled |
Specify whether the attestation policy is disabled or not. Attestation cases cannot be added to disabled attestation policies and, therefore, no attestation is done. Completed attestation cases can be deleted once the attestation policy is disabled. |
Attestation policy |
Enter a name for the attestation policy. |
Description |
Enter a description of the attestation policy. |
Attestation procedure |
Select which objects to attest with this attestation policy.
NOTE: The selection of the attestation procedure is crucial. The selected attestation procedure determines, amongst other things, the available options when conditions are added. The available options are modified to match the attestation procedure. |
Approval policies |
Specify who can approve the attestations. Depending on which attestation procedure you selected, different approval policies are available. |
Attestors |
Click Assign/Change and then select the identities that can make approval decisions about attestation cases.
NOTE: This field is only shown if you have selected an attestation policy in the Attestation policy menu that demands attestation by an approver (for example, Attestation by selected approvers). |
Calculation schedule |
Specify how often an attestation run is started with this attestation policy. Each attestation run creates a new attestation case respectively. |
Time required (days) |
Specify how many days attestors have to make an approval decision about the attestation cases governed by this policy. If you do not want to specify a time, enter 0. |
Owner |
Select the identity that is responsible for this attestation policy. This identity can view and edit the attestation policy. |
Risk index |
Use the slider to define the attestation policy's risk index. This value specifies the risk for the company if attestation for this attestation policy is denied. |
Compliance frameworks |
Click Assign/Change and add a compliance framework to use.
Compliance frameworks are used for classifying attestation policies, compliance rules, and company policies according to regulatory requirements. For example, internal requirements or auditing requirements. |
Sample |
Select which sampling data you want to use (see Running sample attestations).
NOTE: You can only select samples that have not yet been assigned to an attestation policy.
NOTE: When you select samples, you can not set conditions anymore and vice versa. |
Close obsolete tasks automatically |
Specify whether attestation cases pending for this attestation policy are automatically closed if new attestation cases are created (for example, when there is a new attestation run of this attestation policy).
If an attestation run with this attestation policy is started and the option is set, new attestation cases are created according to the condition. All pending, obsolete attestation cases for newly determined attestation objects of this attestation policy are stopped. Attestation cases for attestation objects that are not recalculated, remain intact. |
Approval by multi-factor authentication |
Specify whether approvals about attestation cases governed by this attestation policy require multifactor authentication (for example Starling 2FA). |