A response created from the Assessment Details > Responses tab overrides the compliance score. When created with the Add Finding Response action on the Assessment Details > Findings tab, it mitigates the finding score.
To create a response:
- Open RiskVision Compliance Manager.
- Go to Assessments > Assessments.
- Click an assessment. Click the General tab on the Assessment Details page.
- Launch the New Response wizard using one of the following methods:
- Click the Findings tab, then click More Actions > Add Finding Response.
- Click the Control Results tab, select a control or subcontrol, then click Actions > New Response.
Expand the Response section. Enter a name in the Title field, then enter text in the Comments field to provide information about the need to create a response.
Click the Response Action field to display a list of options then select the appropriate value. Repeat this process with the Mitigation Status field.
Click the Start Date field to select a date. Repeat this process with the End Date field.
Click the Owning Organization field and enter a name.
Expand the Return of Investment section, then enter a percentage value in the Risk Reduction (percentage) field to override the risk score.
Enter a value in the Implementation Cost field to forecast the implementation cost, and enter a value in the Time to Implement (in days) field to calculate the effort.
The risk score is reduced using the formula as follows: risk - risk - (risk * riskReduction). For example, if you have to override the risk score of 100 by twenty-five percent, the risk will be reduced to 75.
There are a number of response actions depending on the specifics of a finding. Response actions include:
- Compensate
- Mitigate
- Click Next.
- To link tickets, click the box next to the Link an existing or new Ticket with this Response option. You can link an existing ticket or create a new ticket that will help track the response.
- Select existing tickets that you want to link. In the Available Tickets box, click the box corresponding to each row, and click >> so that tickets are moved to the Selected Tickets box.
- Optional: Click Create new Ticket to create a new ticket, specific to a response.
- Click Next to open the Attach File wizard page.
- Use one or more options below to attach files:
- Add a document: Allows you to upload a document from your local system.
- Add a link to a document in the repository: Allows you to provide references to a document collection in the document repository.
- Add a web link: Allows you to provide external references.
- Click Add.
Click Finish. The response is created and appears on the Responses tab of the Findings detail page, and on the Responses tab of Assessment Details page.
