A response when created from within the Assessment Details > Responses tab overrides the compliance score and when created with the Add Finding Response action on the Assessment Details > Findings tab mitigates the finding score.
To Create a Response:
- In RiskVision Vendor Risk Manager, go to Assessments > Assessments. The Assessments page is displayed.
- Select an assessment to open its details page and display the General tab on the Assessment Details page.
Launch the New Response wizard using one of the following navigation:
Click the Findings tab and select Add Finding Response in the More Actions... drop-down list.
Or
Click the Control Results tab, select a control or subcontrol, and select New Response in the Actions... drop-down list.
In the Basic Details wizard page:
Expand the Response section, enter a name in the Title field, enter text in the Comments field to provide information about the need to create a response, select a value in the Response Action and Mitigation Status drop-down boxes, specify a date in the Start Date and End Date fields, and enter a name in the Owning Organization field.
Expand the Return of Investment section, enter a percentage value in the Risk Reduction (percentage) field to override the risk score, enter a value in the Implementation Cost field to forecast the implementation cost, and enter a value in the Time to Implement (in days) field to calculate the effort.
The risk score is reduced using the formula as follows: risk - risk - (risk * riskReduction). For example, if you have to override the risk score of 100 by twenty-five percent, the risk will be reduced to 75.
There are a number of response actions depending on the specifics of a finding. Response actions include:
- Compensate
- Mitigate
Click Next to continue.
The Reference Tickets wizard page appears. To link tickets, select the box next to the Link an existing or new Ticket with this Response option You can link an existing ticket or create a new ticket that will help track the response.
- Select existing Tickets. Select this option to link existing tickets. In the Available Tickets box, select the box corresponding to each row, and click >> so that tickets are moved to the Selected Tickets box.
- Create new Ticket. Select this option to create a new ticket, specific to a response.
Click Next to continue.
The Attach File wizard page appears. Use one or more options below to attach files:
- Add a document. Allows you to upload a document from your local system.
- Add a link to a document in the repository. Allows you to provide references to a document collection in the document repository.
- Add a web link. Allows you to provide external references.
Click Add followed by an option to upload a document or link.
Click Finish. The response is created and appears on the Responses tab of the Findings detail page, and on the Responses tab of Assessment Details page.
