Situations may arise in an organization where you are unable to avoid certain SoD violations; this is where the Mitigation feature can be used to manage these instances in a systematic and controlled manner. For example, when a resource is on leave for a certain period of time, his/her activities may need to be performed by another resource that already has access to some activities which creates a violation. But if the short-term violation is reviewed and approved by the organization, a "mitigation" of the risk has taken place. So when the audit is run, you can see who has mitigated, the reason for the Mitigation, and the time period of the Mitigation.
The status of the Mitigation can be changed to Active or Inactive depending on the organizational requirement. Note that if you inactivate an already active Mitigation, then you must click on the + button and then give the reason for the inactivation and save it.
Step-by-step guide
Navigate to Smart Solutions → Segregation of Duties → Maintenance → Add/Update Mitigations
...
| Filter by label (Content by label) | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
| Page Properties | ||
|---|---|---|
| ||
|
...