0
30.5.1
Australia, Zurich, Yokohama Patch 6, Yokohama, Xanadu Patch 9, Xanadu
Standalone Application
The Exception Management application has been updated to support both risk increases and risk decreases through the Compensating Controls workflow. Previously, users could only request a reduction in risk rating when submitting a compensating control exception. This update removes that restriction, giving security teams full flexibility to adjust risk ratings in either direction as part of their exception management process.
- Submit a compensating control exception requesting either a risk increase or a risk decrease
- The risk rating dropdown only shows options other than the current rating, preventing invalid no-change submissions
- Users cannot submit the form if the desired rating matches the current rating
- Approval records are automatically categorized as "Risk Increase," "Risk Reduction," or "Risk Change" based on the direction of the request
- The exception request form label updated from "Request for Risk Reduction" to "Request for Risk Change" to reflect the broader capability
Changed:
- Renamed "Request for Risk Reduction" to "Request for Risk Change" throughout the exception request form to better reflect the ability to request both risk increases and reductions.
- Risk rating dropdown now prevents selecting the current rating to avoid invalid submissions.
- Approval records now track whether a risk change request is for an increase, reduction, or general change.
- No additional system requirements. This update is fully compatible with existing Exception Management and Compensating Controls configurations