After the creation of a requirement (or possibly if the building block data changes) security surveys are sent to the affected building blocks owners. The purpose of these surveys: identification and rating of risks.
- Risk identification section
- Risk rating section
- Complete button
- Options of the assessment column
To complete a risk identification (1), the field assessment (4) must be filled, in case if assessment equals to "Does Not Apply" or "Exception", a comment has to be provided as well. Afterwards the risk identification may be completed (3).
Important: Once a risk identification is completed, the user cannot modify it anymore.
If the risk identification is completed with "Does Not Apply" or "Exception" assessment, a risk is created. This risk then has to be rated (2).
- Probability column
- Business impact column
- Actions column (complete button)
To complete a risk rating both probability(1) and business impact(2) need to be filled.
After that the user is able to complete the risk rating (3). Once all of the risk ratings and risk identifications are completed the security survey is solved, and the system automatically redirects the user to the start page.