You can create an exception plan for risks that you opt to accept.
To create an exception plan
Go to the Web console home page by using the following URL:
The default dashboards page is displayed.
Under the Dashboards tab in the left-hand pane, expand the category Risk and click Risk - Home.
The predefined risk panels under the risk dashboard are displayed.
In the panel, at any level in the drill-down, do one of the following:
Click Orientation Options and select Create Action Plan. Click on the element on which you want to define an action.
In the panel, right-click the risk element that you want to treat and select Create Action Plan.
The Analyze Risk page is displayed.
Check the assets for which you want to create an exception plan and click Create Exception Plan.
The Create Exception Plan page is displayed.
In the Plan Name field, type a unique name for the plan.
This field is mandatory.
In the Description field, type a description for the exception plan.
In the Assigned To field, type the name of the user to whom the exception plan is assigned.
Select a completion date for the security objective from the Complete By drop-down.
This date must be later than the current date.
In the Recommended Action field, type a recommended action.
Risk manager displays the values in the fields Security Objective, Asset Group, Initiated By, Current Risk Score, and Projected Risk Score.
Click the name of the security objective to view the end-to-end details such as overview, directly scoped assets, and controls.
Under the Risks for Exception tab, enter the following information:
In the Approver column, type the name of the user who is authorized to approve the risk acceptance.
In the Effective Till column, select a date until which the risk can be accepted.
In the Reason column, type a reason for accepting the risk.
In the Approve By Date column, select a date by which the approver must approve the accepted risks.
If the exception plan is control-based, expand the row to view the tests that are mapped to the controls and their source systems. Click on the test to view the remedy steps.
Expand the row to view the tests that are mapped to the control statement and their source systems. Click on the test to view the remedy steps.
Select the system to submit the exception plan from the Submit Via drop-down list. You can select Email, Symantec Workflow, or Symantec ServiceDesk.
If you select Symantec Workflow, the Select Workflow drop-down list is displayed with a list of available workflows. Select the desired workflow for submitting the exception.
The system that you select overrides the default system that you may have selected under Settings > Risk Management.
Click Save to save the exception plan.
You can click Replan to go back to the Analyze Risk page.
If you have selected the default system as Symantec Workflow, click Submit to submit the exception plan.
If you have selected the default system as Email, click Next to proceed to the Email Preview page. Preview the email contents and click Submit to send the email.
Risks for exception cannot be submitted by using Symantec ServiceDesk.
See Configuring a default system for taking action on risks
See Risk action - Workflow
See About risk action
See Taking action on risks - Remediation plan
See Managing remediation plan and exception plan