Exception Management
TrustedAgent enables organizations to evaluate and document alternatives to the typical implementation of controls, including compensating controls, control scoping, and controls justified by risk-based decisions. TrustedAgent also offers the capability to manage risk acceptance for corrective actions that require extended remediation beyond the typical timeline, or that are too costly or not technically feasible to remediate. These exception handling capabilities give organizations flexibility in addressing identified risks.
Highlighted Features supporting Exception Management
- Compensating Control Support :: Indicate and document the use of compensating controls and the supporting compensating control information. Integrate into dashboard and reports. Offer flexibility and layered defense to support control implementation as required for several standards including NIST 800-53, PCI DSS, and NERC.
- Control Scoping :: Provide the ability to raise or lower the applicability of a control, or to change a control from optional to required, as needed for FFIEC Tier I and Tier 2 controls or PCI DSS Level.
- Risk-based Decision Controls :: Controls can be documented and justified as risk-based decisions to support acceptance of risk where implementation may be costly or not feasible, or where the risk impact is insignificant to the organization. TrustedAgent also allows non-applicable controls and test cases to be excluded from unnecessary evaluations, saving substantial time. The action can be defined at the control template level or at the specific control against an assessed entity.
- Handling of Risk Acceptance :: Provides several methods for managing risk acceptance through corrective actions.