Live Search spaceKey ZenGRCOnboardingGuide additional none placeholder Search our site type page
Overview
ZenGRC provides customizable templates a risk management workflow that automatically triggers the ability to create tasks between certain risk statuses. These tasks contain information pre-filled from customized templates maintained by your organization. The tasks can either be used to gather feedback and promote awareness between each of the risk 's stakeholders. The templates populate the tasks with pre-defined content depending on the status. And you can determine whether to use the taskstakeholders, or they can be closed without creating the task.
| Note | ||
|---|---|---|
| ||
Risk objects follow a different status set up from other ZenGRC objects. Statuses can be reviewed at Risk Management Statuses. |
How it Works
Risk objects follow a different
Task Templates
In the risk settings/tasks tab there are 4 templates(Accept, Transfer, Remediate, Avoid), where admins can define how the automatic task creation modal will be populated.Each template has 6 fields
The ability to create tasks between certain risk statuses is activated after a risk is placed in an Assessed status. A new task displays when the risk is transferred between the following statuses:
Assessed → Accepting
Assessed → Transferring
Assessed → Avoiding
Remediate → In remediation
The following screenshot shows the template that displays when the corresponding risk status is selected.
Task details are automatically populated based on templates with pre-defined content that depends on the risk status being suggested in the workflow.
Task Templates
Six fields in the task can be pre-populated from the task templates and include the following:
- Title
- Description
- Assignees
- Reviewers
- Verifiers
- Related object (this one is locked always)
The Title and Description fields can hold variables listed on top of the page - in the form of between %...%. The three variables areinclude: %object% , %object_title%, %object_description%.
When a variable is added to a template's field, the field will contain the then contains information from the variable on the actual task creation.
On the risk objects an actionable button is added, which is always descriptive of what will happen. The actionable button transfers the risk object to the upcoming status. For some statuses the actionable button is a "dropdown", so the user can select what he wants to do.
An additional feature is, that when a risk object is transferred from "identified" to "under assessment" through the actionable button, then the risk scoring tab automatically opens.
Note: statuses can still be freely changed on the top-right, the actionable button just follows the risk lifecycle, but it is not enforced. To tie into the templates - when a risk object with the actionable button is transferred from:
assessed → accepting
assessed → transferring
assessed → avoiding
remediate → in remediation
Then a task creation modal will pop up, populated with information from the relevant task template.
The task from this modal does NOT have to be created to automatically transfer the status. The task creation can be cancelled and the status will still automatically transfer.
An additional thing to note is, that when a risk object is transitioned with the actionable button, and a "non-admin" is the owner, then the task creation modal will not show up (because readers can't create tasks), but the status will transition.
Functional spec:https://reciprocitylabs.atlassian.net/wiki/spaces/ZenGRC/pages/570032494/Essential+Risk+Milestone+4
Risk settings/ task tab on dev3 instance:
https://dev3.zengrc.com/settings/risk/tasks
Setting up the Task Templates
The task templates contain text determined by ZenGRC experts. However, it can be altered to suit your organization's needs.
To review or alter templates, complete the following steps:
- Click Settings | Risk Settings.
- Select the Tasks tab. This is only be enabled if you are in the ZenGRC Beta Program.
- The Accept - Task Template is listed first. Continue scrolling down to alter additional templates.
Utilizing the Risk Workflow for Tasks
When a risk is in the Assessed status, the task workflow templates come into play as follows:
- Click System of Record | Risks and select the applicable risk.
- Click I want to. . . and select one of the statuses.
- A new task displays and is populated with information from the corresponding template. For example, the following screenshot pulls information from the Accept - Task Template.
- Alter as needed and save.