How to manage your exemptions?

Tenacy allows you to manage your exemptions and remedy them through actions

Table of contents :

1. Exemption Management Process Schematic in Tenacy

2. Creation of an exemption

2.1. Creation fields

2.2. Attach an exemption to a control 

3. Take a decision through actions

 

📔 Definition:
An exemption is a temporary request or not to respect a security control.

1. Exemption Management Process Schematic in Tenacy

derog - en

2. Creation of an exemption 

Exemptions > Add a register > Add an exemption

Capture décran 2023-08-09 162534

exemption

2.1. Creation fields

  • Name: Name of your exemption.
  • Perimeter: on which perimeter your exemption applies.
  • Date: Start and end date.
  • Status: the status of a derogation may be :
    • Requested - not yet reviewed/ granted
    • Rejected - rejected as is, can be resubmitted after modification
    • Granted - effective (deadline potentially exceeded)
    • Closed - closed explicitly.
  • Owner: Applicant for exemption. 

🔎The owner may be someone who does not have a Tenacy account. To do this, select "external".

owner

  • Approver: Person making the decision on the exemption. 
  • Criticality: It is possible to have a simple scale or a AICP scale. 

⚙️Wheel > Preferences > Incident.impact_mode

2.2. Attach an exemption to a control 

📎You can link your exemption to the controls of your policies that are affected by those exemptions.
In your exemption > "Controls" tab > Select the control to add.

3. Take a decision through actions

🤔 Before taking any decision the exemption owner can put up an action plan.

💡 To facilitate your management of exemptions you can create user groups.

Implementation of an action 

💡  A action register related to exemption actions will allow you to facilitate monitoring and reporting. 

Action plans > Add a register

In your exemption > "Actions" tab > Add an action. You will then be able to add the register you create.

🔎 Once the actions have been completed, the owner of the exemption will be alerted in the Review section of Tenacy.