Chat now with support
Chat with Support

We are currently experiencing issues on our phone support and are working diligently to restore services. For support, please sign in and create a case or email for assistance

Identity Manager On Demand - Starling Edition Hosted - Company Policies Administration Guide

Company policies in One Identity Manager Defining company policies
Creating and editing company policies Using default company policies Deleting company policies Policy groups Compliance frameworks Schedules for checking policies Company policy attestors Policy supervisors for company policies Exception approvers for policy violations Standard reasons for policy violations Mail templates for company policy notifications
Checking company policies Automatic attestation of policy violations Mitigating controls for company policies General configuration parameter for company policies

Starting attestation of new rule violations

NOTE: This functionality is only available if the Attestation Module in installed.

There are several different ways to start attesting policy violations:

  • Attest new policy violations immediately

    If Start attestation of new rule violations immediately is enabled on the company policy, an attestation case is created immediately for each new policy violation when policy checking is run. To do this, the POL_QERPolicyHasObject_create_attestationcase process is run for each insert into the QERPolicyHasObject table.

  • Starting attestation of all rule violations manually

    To trigger attestation of all object that violate a company policy, in the Manager, run the Recertify all policy violations task. First this check whether all affected objects can be determined as attestation objects by the assigned attestation policy. If this is not the case, an error message is shown and attestation does not start.

  • Starting scheduled attestation of all rule violations

    Attestation is started by the schedule stored with the attestation policy.

Detailed information about this topic

Mitigating controls for company policies

Violation of regulatory requirements can harbor different risks for companies. To evaluate these risks, you can apply risk indexes to company policies. These risk indexes provide information about the risk involved for the company if this particular policy is violated. Once the risks have been identified and evaluated, mitigating controls can be implemented.

Mitigating controls are independent on One Identity Manager’s functionality. They are not monitored through One Identity Manager.

Mitigating controls describe controls that are implemented if a company policy was violated. The next policy check should not find any rule violations once the controls have been applied.

To edit mitigating controls

  • In the Designer, set the QER | CalculateRiskIndex configuration parameter and compile the database.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

For more information about risk assessment, see the One Identity Manager Risk Assessment Administration Guide.

Related topics

Creating and editing mitigating controls for company policies

To create or edit mitigating controls

  1. In the Manager, select the Risk index functions > Mitigating controls category.

  2. Select a mitigating control in the result list and run the Change main data task.

    - OR -

    Click in the result list.

  3. Edit the mitigating control main data.

  4. Save the changes.

Enter the following main data of mitigating controls.

Table 14: General main data of a mitigating control




Unique identifier for the mitigating control.

Significance reduction

When the mitigating control is implemented, this value is used to reduce the risk of denied attestation cases. Enter a number between 0 and 1.


Detailed description of the mitigating control.

Functional area

Functional area in which the mitigating control may be applied.


Department in which the mitigating control may be applied.

Assigning company policies to mitigating controls

Use this task to specify for which company policies the mitigating control is valid. You can only assign company policy working copies on the assignment form.

To assign company policies to mitigating controls

  1. In the Manager, select the Risk index functions > Mitigating controls category.

  2. Select the mitigating control in the result list.

  3. Select the Assign company policies task.

    In the Add assignments pane, assign company policies.

    TIP: In the Remove assignments pane, you can remove company policies.

    To remove an assignment

    • Select the company policy and double-click .

  4. Save the changes.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating