지금 지원 담당자와 채팅
지원 담당자와 채팅

Identity Manager 9.3 - Company Policies Administration Guide

Company policies in One Identity Manager Defining company policies
Creating and editing company policies Using default company policies Deleting company policies Policy groups Compliance frameworks Schedules for checking policies Company policy attestors Policy supervisors for company policies Exception approvers for policy violations Standard reasons for policy violations Mail templates for company policy notifications
Checking company policies Automatic attestation of policy violations Mitigating controls for company policies General configuration parameter for company policies

Configuring automatic attestation of policy violations

NOTE: This functionality is only available if the Attestation Module in installed.

Attestation of policy violations requires an attestation policy that matches the company policy. This attestation policy must determine the same objects as the company policy.

To set up automatic attesting of policy violations

  1. Create an attestation policy for attesting objects that violate a company policy. Ensure that the same objects are determined by this attestation policy as by the company policy.

    For more information about creating and editing attestation policies, see the One Identity Manager Attestation Administration Guide.

  2. Create a new company policy or edit an existing company policy. Enter the following data:

    • Attestation policy: From the drop-down, select the attestation policy to be used for attesting policy violations.

      IMPORTANT: Ensure that the same objects are determined by this attestation policy as by the company policy. Check the assigned tables and conditions.

    • Start attestation of new rule violations immediately: Specify whether an attestation case is created immediately for each new policy violation.

      If this option is disabled, attestation is only started by the schedule stored with the attestation policy.

Detailed information about this topic

Starting attestation of new rule violations

NOTE: This functionality is only available if the Attestation Module in installed.

There are different ways to start attesting policy violations.

  • Attest new policy violations immediately

    If Start attestation of new rule violations immediately is enabled on the company policy, an attestation case is created immediately for each new policy violation when policy checking is run. To do this, the POL_QERPolicyHasObject_create_attestationcase process is run for each insert into the QERPolicyHasObject table.

  • Starting attestation of all rule violations manually

    To trigger attestation of all object that violate a company policy, in the Manager, run the Create attestation processes now task.

  • Starting scheduled attestation of all rule violations

    Attestation is started by the schedule stored with the attestation policy.

The POL_QERPolicyHasObject_create_attestationcase process checks whether all affected objects can be determined as attestation objects by the assigned attestation policy. If this is not the case, the process step is given the Frozen process state and an error message is logged.

Detailed information about this topic

Issues arising during policy violation attestation

The process (POL_QERPolicyHasObject_create_attestationcase), which runs the automatic attestation of policy violations, fails and is given the Frozen progress state.

Error message: There are 1 objects that do not match to the attestation policy condition. (...)

Probable reason

Objects that violate the company policy are not identified as attestation objects. The condition may have been changed in the company policy or the attestation policy.

Solution

Ensure that the same objects are found by the attestation policy and by the company policy. Check the assigned tables and conditions.

  1. In the Manager, open the company policy.

  2. Check the base table and the condition.

  3. In the Manager, open the attestation policy assigned to the company policy.

  4. Check the condition and the associated attestation procedure.

  5. Correct the conditions or assigned tables so that the same objects are determined by both policies.

For more information about editing attestation policies, see the One Identity Manager Attestation Administration Guide.

Related topics

Mitigating controls for company policies

Violation of regulatory requirements can harbor different risks for companies. To evaluate these risks, you can apply risk indexes to company policies. These risk indexes provide information about the risk involved for the company if this particular policy is violated. Once the risks have been identified and evaluated, mitigating controls can be implemented.

Mitigating controls are independent on One Identity Manager’s functionality. They are not monitored through One Identity Manager.

Mitigating controls describe controls that are implemented if a company policy was violated. The next policy check should not find any rule violations once the controls have been applied.

To edit mitigating controls

  • In the Designer, set the QER | CalculateRiskIndex configuration parameter and compile the database.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

For more information about risk assessment, see the One Identity Manager Risk Assessment Administration Guide.

Related topics
관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택