Versions Compared

Old Version 8

changes.mady.by.user Tristan Mohn

Saved on

compared with

New Version 9

changes.mady.by.user Tristan Mohn

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Page Contents

Table of Contents
indent18px


Live Search
spaceKeyZenGRCOnboardingGuide
additionalnone
placeholderSearch our site
typepage

Overview

ZenGRC provides a risk management workflow that automatically triggers the ability to create tasks between certain risk statuses. These tasks contain information pre-filled from customized templates maintained by your organization. These tasks can be used as follows:

  • To gather feedback and promote awareness between risk stakeholders.
  • To describe the work that needs to be done for the appropriate assignee.
  • Or, they can simply be canceled without creating the task.

Note
titleIMPORTANT

Risk objects follow a different status set up from other ZenGRC objects. Statuses can be reviewed at Risk Management Statuses.

How

it Works

The ability to create tasks between certain risk statuses is activated after a risk is placed in an Assessed status. Task details are automatically populated based on templates with pre-defined content that depends on the risk status being suggested in the workflow. 

A new task displays when the risk is transferred between the following statuses:

  • Assessed → Accepting

  • Assessed → Transferring

  • Assessed → Avoiding

  • Remediate → In remediation

  • In Remediation → Accepting
  • In Remediation → Transferring
  • In Remediation → Avoiding
The following graphic places a green dot between the statuses where the task templates

Tasks Are Triggered in Your Workflow

The following outlines the functionality of when and how tasks are displayed in the risk workflow:

  • The drop down that triggers a new task is located below the risk name on the details page and only displays when the risk is in the following statuses:
    • Assessed
    • Remediate
    • In Remediation

    Image Added
  • A new task displays immediately after a status in the drop down is selected.
  • When a risk is in an Accessed status and a new status is selected, the following occurs (even if you cancel the task that displays):
    • Accept transfers the risk from Accessed to Accepting.
    • Avoid transfers the risk from Accessed to Avoiding.
    • Transfer transfers the risk from Accessed to Transferring.
    • Remediate transfers the risk from Accessed to In remediation.
  • When a risk is in an In remediation status and a new status is selected, the following occurs (even if you cancel the task that displays):
    • Accept transfers the risk from In remediation to Accepting.
    • Avoid transfers the risk from In remediation to Avoiding.
    • Transfer transfers the risk from In remediation to Transferring.
  • Task details are automatically populated.
  • Task wording depends on the risk status selected in the workflow and is populated with content from templates.
  • A task can be cancelled and not created.
  • Risk statuses can be updated at any time using the Status drop-down in the top right.

The following graphic displays a green dot between the statuses when the tasks display. A larger version of the workflow with all risk statuses is available at Risk Management Statuses.

Task Templates

Six Templates can populate six fields in the task can be pre-populated from the task templates. Those fields a task and include the following:

  • Title
  • Description
  • Assignees
  • Reviewers
  • Verifiers
  • Related object. This is a locked field that automatically maps the task to the active risk object.

Using Variables

The template Title and Description fields can hold variables listed at the top of the page. The variables act as a connection between the active object and the input fields. They can be used to simplify the linking, reduce mistakes, and avoid typos., which automatically insert information from the risk into the task.

The three variables include:

  • %object% %object_title%Used only in the related object field to link to the actual objectto populate the risk title into the title of the task.
  • %object_title%description% Used to populate the field with the active object's title.%object_description% Used to populate the field with the object's descriptionpopulate the risk's description into the task.
  • %object% - Used only in the Related Object field. It is a direct link to the risk being transferred to the new status and cannot be deleted.

Setting up the Task Templates

The task templates contain text and variables determined by ZenGRC experts. However, it the templates can be altered to suit your organization's needs.

To review or alter templates, complete the following steps:

  1. Click Settings | Risk Settings.
  2. Select the Tasks tab. The Accept - Task Template is listed first, with additional templates below.



  3. The Accept - Task Template is listed first.
    4. Continue scrolling down
  4. Scroll to
    5. alter
  5. see additional templates

    6. Image Removed
  6. By placing the variable called %object% in the Title field, the name of the risk will automatically populate in its place when saved.
Utilizing Tasks in
  1. . The below screenshot outlines variables in red. The variables pull associated risk information into the task.

    Image Added

  2. If there are personnel who always review tasks at a certain stage, add them to the Assignees, Reviewers, or Verifiers fields. The fields can be altered when the task is generated.
  3. Select Notify Assignee if the user in the Assignee field should be emailed when the task is saved. This only functions if you have instant notifications activated.
  4. Click Save at the bottom of the page. This saves the changes to all templates.

Following the Risk Workflow

When a risk is in the Assessed status, the task workflow templates come into play as follows:

  1. Click System of Record | Risks and select the applicable risk. 
  2. Click Open the risk and click I want to. . .  and select one of the statuses. 
    Image Removed
    A
  3. Select one of the statuses in the drop down below the risk name. This drop down is the only place to find the statuses of Accept, Avoid, Transfer, and Remediate, which trigger new tasks.

    • If Accept is selected, a new task displays and is populated with information from
    the corresponding template. For example, the following screenshot pulls information from the Accept - Task Template.
    Image Removed
    • the Accept - Task Template. Note how the risk name populates in the Title field where the variable was placed in the template.

      Image Added

    • If Transfer is selected, a new task displays and is populated with information from the Transfer - Task Template.
    • If Avoid is selected, a new task displays and is populated with information from the Avoid - Task Template.
    • If Remediate is selected, a new task displays and is populated with information from the Remediate - Task Template.
  4. Alter as needed and click Save.
  5. Alternatively, click Cancel to close the dialog without creating a the task, or . Or click Save & Add Another to create additional tasks. If you decide to cancel the task, the risk will still be transferred to the new status.


The actionable buttons are custom for each status. Statuses can be manually changed to whichever, without the actionable button an task templates.

We could mention that the risk scoring tab is automatically opened when transferring from Identified to Under Assessment.



tristan

Include Page
di:RH Navigation
di:RH Navigation