Workflow for Requests and Tasks
Overview
In addition to assessments, tasks and requests provide workflows that are enhanced with notifications of assignments due.
This documentation focuses on status definitions, workflow, and the user fields that prompt email upon status change. The workflow for tasks and requests is identical and is therefore explained together.
User Assignment Fields
There are four fields utilized in the workflow of tasks and requests, three of which receive email notifications. To be available for selection, users must be in an Editor, Contributor, or Administrator role.
TIP
Those in Editor and Administrator roles already have delete privileges. Adding them to the workflow fields will not remove those permissions. Rather, for those in the Contributor role, being assigned to one of these fields expands their permissions to include read and write access.
The screenshot above highlights the assignment fields in red, and are defined as follows:
Requester
- User who creates and assigns an item.
- This is a required field; however, it auto-populates with the person creating the item.
- If requests or tasks are imported, the person who is conducting the import is added as requester.
- The requester is never notified when there is a status change and does not participate in the workflow.
Assignee
- Person responsible for gathering information to satisfy the requirements of the request or task.
- Has read and write access, but no delete privileges.
- This is a required field.
Reviewer
- User who evaluates whether the information gathered by the assignee is acceptable.
- Has read and write access, but no delete privileges.
- If there are no verifiers, the reviewer's approval places the item in a Completed status.
- Use this field if there are multiple users, and all must review and approve a submission.
- All reviewers must approve the item before it transitions to the next status.
- This is an optional field.
Verifier
- User who is the last person to analyze and approve the submitted information.
- Has read and write access, but no delete privileges.
- If there are multiple verifiers, only one need approve the item.
- If the requester wants to be updated on the item's status, use this field.
- This is an optional field.
Statuses
Requests and tasks can have between two and four statuses depending on your business need.
Open
- Initial status when an item is created and assigned.
- It is also the status if a reviewer or verifier rejects the submission.
Submitted
- Status after the assignee submits evidence and the item has a reviewer or verifier.
Reviewed
- Status after all reviewers accept the evidence and the request is waiting for the verifier's action.
- If there are no reviewers, this status is skipped.
Completed
- Status after a verifier accepts the evidence.
- If there are no reviewers or verfiers, the status is directly changed to Completed when the assignee submits information.
Statuses, Users, and Notifications
The following chart displays the workflow of items through the different statuses, as well as who receives an email at each point.
Instant Notifications in the Automated Workflow
ZenGRC has an automated workflow that moves an item's status from state to state as users complete their assigned tasks and requests. This table displays what happens with statuses and email notifications as these normal activities occur. The user(s) in the role indicated by the yellow "yes" box are those who receive email notifications as a result of the specified actions.
| Instant Email Notifications During Normal Workflow Activities | ||||||
Action | From Status | To Status | Assignee | Reviewer | Verifier | Notes |
|---|---|---|---|---|---|---|
Create | n/a | Open | y | n | n | Instant notifications only occur when items are created manually and the "Notify Assignee" is selected. When requests and tasks are imported, notifications don't go out until the "Start Date" |
Submit Task/ | Open | Submitted | n | y | n | If there are other assignees on the item, they are not notified that the item is submitted. The item will be removed from all assignees' To-Do Lists and will not display in the daily summary email |
Approve Task/ | Submitted | Reviewed | n | n | y | All reviewers must approve the item before it moves to Reviewed. The item will be removed from all reviewers' To-Do Lists and will not display in their daily summary email |
Decline Task/ | Submitted | Open | y | n | n | If one reviewer rejects the item, it is immediately reset to Open and all assignees receive an instant email of an assigned item. They then see the item in their To-Do List |
| Decline Task/ Decline Request | Reviewed | Open | y | n | n | If one verifier rejects the item, it is immediately reset to Open and all assignees receive an instant email of an assigned item. They then see the item in their To-Do List |
Verify Task/ | Reviewed | Completed | n | n | n | No one is notified on final completion |
NOTE
Instant notifications need to be enabled for the "Notify Assignee" to be displayed on the new item form, which is the only time the option is available. To see how to enable the option and where to select it during new item creation, please see Configuring Email Settings.
Instant Notifications When Statuses are Overridden
The ZenGRC automated workflow can be manually overridden at any point by a ZenGRC administrator or editor. The dropdown for override is located in the top right corner of the task or request and always displays the current status.
If the users in the Assignee, Reviewer and Verifier fields are assigned to Editor or Administrator global roles, they can override statuses as described here.
This table outlines what occurs with statuses and email notifications when a status is manually changed. The user(s) in the role indicated by the yellow "yes" box are those who receive email notifications as a result of the specified actions.
Email Notifications Workflow When Activities are Manually Overridden | ||||||
| Action | From Status | To Status | Assignee | Reviewer | Verifier | Notes |
|---|---|---|---|---|---|---|
Manual Override | Completed | Open | y | n | n | All assignees receive an instant email of an assigned item |
| Manual Override | Completed | Submitted | n | y | n | All reviewers receive an instant email of an assigned item |
| Manual Override | Completed | Reviewed | n | n | y | All verifiers receive an instant email of an assigned item |
| Manual Override | Open | Submitted | n | y | n | All reviewers receive an instant email of an assigned item |
| Manual Override | Open | Reviewed | n | n | y | All verifiers receive an instant email of an assigned item. Reviewers who have not approved the item will see a "Bypassed" badge beside their name |
| Manual Override | Submitted | Open | y | n | n | All assignees receive an instant email of an assigned item |
| Manual Override | Submitted | Reviewed | n | n | y | All verifiers receive an instant email of an assigned item. Reviewers who have not already approved the item will see a "Bypassed" badge beside their name |
| Manual Override | Reviewed | Open | y | n | n | All assignees receive an instant email of an assigned item. All Reviewers will see a "Pending" badge beside their name |
| Manual Override | Reviewed | Submitted | n | y | n | All reviewers receive an instant email of an assigned item. They will see a "Pending" badge beside their name |
| Manual Override | All Statuses | Completed | n | n | n | No one is notified on final completion |
Notifications When Users are Added
Users can be added as assignees, reviewers and verifiers at any time. However, when adding a reviewer, it disrupts the automatic workflow if the item is in a Reviewed or Completed status.
Since all reviewers are required to approve the information, the status reverts to a Submitted state until the new reviewer approves. The only person notified is the new reviewer.
NOTE
To understand how to do your part when assigned a task or request, please see Quick Tips for Tasks and Requests and Quick Tips for Assessments.
© 2021 Copyright Reciprocity, Inc.
https://reciprocity.com