RISK EXCEPTION

Brings Efficiency to the Process.

In circumstances when a particular policy, standard, security program requirement, or security best practice cannot be fully implemented, an Exception Management Program is necessary. To determine the potential impact and likelihood for which a risk could be exploited, an effective program requires that each exception request must first be identified, evaluated, and then elevated for an Exception Approval, Temporary Acceptance, or Denial.

Furthermore, the Risk Exception should be tracked and re-evaluated at a future date. Today many organizations handle exceptions manually using a variety of methods. The Allgress Exceptions module brings efficiency to these processes with a single-source-of-truth repository and workflow capabilities for the full exceptionmanagement lifecycle.

• Automate labor intensive and manually repetitive actions. Manual process generally leads to complexity, duplication, and human error, which are

the enemy of a sound security program. Allgress facilitates a repeatable process for any type of Exception, mitigating the costly manual process.

• Uniquely identify and catalog each Exception Request with custom intake forms.

• Streamline approval processes by associating multiple Findings to a single Exception Request.

• Collect required information for each submitted Finding and Exception Request by creating a tailored intake form using out-of-the-box and custom

fields.

• Assess and remediate Findings.

• Define designated approvers based on risk level and allow for sequenced approvers that vary by Exception type, when required.

• Customize expiration dates, escalations, and workflow notifications.

• Rank Exception Requests based on overall risk level and impact to the organization with an automated calculation.

• Create and execute remediation plans in real-time to help mitigate identified Exceptions before they expire.

• Build rich reports and dashboards with many graph and chart options to inform management teams.