Tenacy allows you to manage your exemptions and remedy them through actions
Table of contents :
1. Exemption Management Process Schematic in Tenacy
2.2. Attach an exemption to a control
3. Take a decision through actions
📔 Definition:
An exemption is a temporary request or not to respect a security control.
1. Exemption Management Process Schematic in Tenacy
2. Creation of an exemption
Exemptions > Add a register > Add an exemption
2.1. Creation fields
- Name: Name of your exemption.
- Perimeter: on which perimeter your exemption applies.
- Date: Start and end date.
- Status: the status of a derogation may be :
- Requested - not yet reviewed/ granted
- Rejected - rejected as is, can be resubmitted after modification
- Granted - effective (deadline potentially exceeded)
- Closed - closed explicitly.
- Owner: Applicant for exemption.
🔎The owner may be someone who does not have a Tenacy account. To do this, select "external".
- Approver: Person making the decision on the exemption.
- Criticality: It is possible to have a simple scale or a AICP scale.
⚙️Wheel > Preferences > Incident.impact_mode
2.2. Attach an exemption to a control
📎You can link your exemption to the controls of your policies that are affected by those exemptions.
In your exemption > "Controls" tab > Select the control to add.
3. Take a decision through actions
🤔 Before taking any decision the exemption owner can put up an action plan.
💡 To facilitate your management of exemptions you can create user groups.
Implementation of an action
💡 A action register related to exemption actions will allow you to facilitate monitoring and reporting.
Action plans > Add a register
In your exemption > "Actions" tab > Add an action. You will then be able to add the register you create.
🔎 Once the actions have been completed, the owner of the exemption will be alerted in the Review section of Tenacy.