Chat now with support
Chat with Support

Identity Manager 9.1.2 - Company Policies Administration Guide

Company policies in One Identity Manager Defining company policies
Basic data for company policies Creating and editing company policies Using default company policies Deleting company policies
Checking company policies Mitigating controls for company policies General configuration parameter for company policies

Requesting exception approval

If new policy violations are discovered during a policy check, exception approvers are notified and prompted to make an approval decision.

Prerequisites
  • Exception approvals for policy violations are permitted.

  • The company policy is assigned to an Exception approvers application role.

  • Employees are assigned to this application role.

To send demands for exception approval

  • Enter the following data for the company policy:

    • Exception approval allowed: Enabled

    • Mail template new violation: Policies - new exception approval required

    TIP: To use a mail template other than the standard for these notifications, create a mail template with the QERPolicy base object.

Related topics

Notifications about policy violations without exception approval

Policy supervisors are notified if new policy violations are discovered during a policy check and these cannot be granted exception approval.

Prerequisites
  • Exception approvals for policy violations are not permitted.

  • An application role for Policy superviors is assigned to the company policy.

  • Employees are assigned to this application role.

To inform a policy supervisor about policy violations

  • Enter the following data for the company policy:

    • Exception approval allowed: Not enabled

    • Mail Template New Violation: Policies - rogue violation occurred

    TIP: To use a mail template other than the standard for these notifications, create a mail template with the QERPolicy base object.

Related topics

Displaying approval status of policy violations

Edit policy violations in the Web Portal. For more information, see the One Identity Manager Web Designer Web Portal User Guide.

In the Manager, you can get an overview of the approval status of each policy violation. To do this, open the overview form of the enabled company policy whose policy violations you want to look at. You will see new, granted, and denied policy violations here.

To display details of a policy violation

  1. In the Manager, select the Company Policies > Policies category.

  2. Select the company policy in the result list.

  3. Select the Company policy overview task.

  4. Select the form element for the policy violation and make the list entries visible. You have the following option:

    • Policy violations: new: Displays all policy violations pending approval.

    • Policy violations: exception approved: Displays all policy violations that have been granted approval.

    • Policy violations: exception denied: Displays all policy violations that have not been granted approval.

  5. Click the policy violation you want to view.

    This opens the policy violation main data form, which shows you an overview of the object that caused the violation, the approval status and the exception approver responsible.

Related topics

Mitigating controls for company policies

Violation of regulatory requirements can harbor different risks for companies. To evaluate these risks, you can apply risk indexes to company policies. These risk indexes provide information about the risk involved for the company if this particular policy is violated. Once the risks have been identified and evaluated, mitigating controls can be implemented.

Mitigating controls are independent on One Identity Manager’s functionality. They are not monitored through One Identity Manager.

Mitigating controls describe controls that are implemented if a company policy was violated. The next policy check should not find any rule violations once the controls have been applied.

To edit mitigating controls

  • In the Designer, set the QER | CalculateRiskIndex configuration parameter and compile the database.

If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

For more information about risk assessment, see the One Identity Manager Risk Assessment Administration Guide.

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating