Overview

...

ZenGRC's substantial redesign is aimed at helping administrators and risk managers minimize business risk, eliminate threats and decrease vulnerabilities. This includes adding statuses that better fit the risk management workflow. This documentation provides an overview of how to understand and use statuses for the risk, threat, and vulnerability objects.

IMPORTANT

Although the incident object is a part of risk management, its statuses are not the same as those of the risk, threat, and vulnerability objects. This is because incidents belong to the audit workflow. Threats and vulnerabilities follow the same status patterns as risk because they are a core part of risk analysis.

Lifecycle for Risk Items

...

The risk management workflow utilizes statuses as follows:

  1. Draft - The risk is vaguely defined.
  2. Identified - The risk is confirmed, and details are added.
  3. Under assessment - Risk assessment is kicked off.
  4. Assessed - Risk calculation is finalized and risk value is determined.
  5. Unfounded - There is no reason to discuss the risk because it's invalid, lacks reasoning, etc.
  6. Accepted - The risk is accepted as-is.
  7. Transferred - The risk is transferred to a vendor.
  8. Avoided - The risk is avoided completely.
  9. Remediate - Research is necessary to reduce the risk.
  10. In remediation - A risk manager is actively working on the risk.