Any assessments you run in the RiskVision application involve various objects available on the Configuration menu. You must carefully examine each object to decide up to what extent you will need it and then configure only the required options to meet the essence of your assessment because you may want to choose a different strategy for each assessment. The below list describes the objects you will want to configure before the assessments are launched:
- Workflows - Choosing an appropriate workflow other than the default workflows is possible through the user interface of assessment and policy creation wizards. If you want an exception, ticket, finding, and incident to follow a different workflow pattern, other than the default workflows, you must configure the selection criteria within those workflows. For more information on workflows, see the following topics:
- Escalation - Escalations are meant for tickets that are left unattended past thier due date so that the requestor, owner manager, or both can be made aware of the situation. For more information, see Creating an Escalation Configuration and Managing Escalation Configurations.
- Email Templates - The objects that notify stakeholders of a particular event typically use an email template. Several default email templates are available for selection or are already in-place to handle the notifications. If your organization prefers to follow the standard procedure for all its internal communications, you must design an email template. For more information, see Configuring E-mail Templates.
- Filters - A filter contains a set of conditions used by reports to match records, and dynamic groups to limit membership, and to limit user access, among other things. Filter types include Assessment, Dynamic Group, Entity, Exception Request, Incident, Program, Response, Risk, and more. For more information, see About Filters.
- Ownership Types - Ownership types link workflow stage stakeholders to the system users who are assigned to an entity or policy. This allows processes such as programs, tickets, and policy pack approval to run automatically. You can restrict which user can be assigned as a type of owner based on the user's role assignment. For more information, see About Ownership Types.
- Assessment Configuration, Entity Configuration, Findings Configuration, Vulnerability Risk Configuration, and Incident Configuration - Depending on the RiskVision application, a common threshold range criteria can be established for assessment, finding, vulnerability, risk or incident objects. When assessments are run, the risk, vulnerability and incident scores are derived according to the default range. Before you run any assessment, ensure that the threshold range is configured according to the assessment objective and meets auditing guidelines and policies. For more information, see Configuring a Threshold Range for Risk, Vulnerability and Incident Scores.
- Questionnaire Presentation Options - Instead of provisioning too many options in the questionnaire UI, you may want to consider creating a new questionnaire presentation option so that responders quickly get rid of the questionnaire without bothering with the options which might be of no worth for an assessment type. For more information, see Setting Questionnaire Presentation Options.
- Ticket Management Preferences - Usually, tickets are escalated when they pass the due date. You can add a disposition to avoid sending the escalation. For more information on setting the ticket preferences, see About Ticket Management Preferences.
