Determining your level of risk requires an assessment and knowledge of the security policies, laws and regulations governing your environment. Risks exist; they are unavoidable. Risk exception begins with identifying an exposure. By planning, you will create awareness throughout your organization of the risks present and increase your ability to minimize the consequences.
The Risk Exception Module gives Risk Managers and Compliance Teams the ability to efficiently and centrally manage strategic risks through identifying, tracking, monitoring, reporting, authorizing and escalating risk exceptions and policy exceptions, as well as correlating multiple findings to a risk exception. It is designed to provide a standardized approach to reviewing, managing, and accepting Findings and Exceptions that cannot be remediated within an organization’s specified timelines. With the Risk Exception Module, organizations have a platform to realize their Multi-Tiered Risk Management Framework (RMF).
• Customizable Workflow approach to manage all exception requests.
• Automated Notifications for approval and management authorization, upcoming re-certifications, and more.
• Formal, Repeatable, and Scalable workflow for risk exception management.
• Correlates Risk Exception to the risk exposure.
• Defines different levels of approval.
• Aligned with NIST Components of a Risk Management Framework (RMF).