Enable manual setting of reviewed/ needs review for diverse objects
S
Stefan L.
Especially in the weeks prior to the audit, we are facing the issue that we can't predict which risk or vendor will expire. This is causing a lot of manual effort in checking the objects one by one. It would be easier for us to have the option to manually (even bulk) change the status of the risks and vendors to "reviewed" or "needs review".
Created by Elżbieta Żurakowska
Grigory Emelianov
hi everyone, brilliant! I understand the pain point better. To reiterate - the major concern is:
Risks and vendors can expire any time. It's difficult to anticipate when your risk register will change the statuses because there is no way to know the expiration date and there is no way of getting a list of expiring soon risks/vendors. It's challenging because this requires you to update the platform at the time when you didn't plan it, creating manual effort, while you can only update expired risk instead of working through the whole list of risks (no option to reapprove atm). We will work on ideas how to remove this pain.
PS I don't think bulk re-approve of all risks that are 'expiring soon' is good solution for your compliance problem. Especially in risk register, it's not usually about just changing status, it's about reviewing if the risk has changed, maybe some tasks became completed, hence, reducing the risk and making use of your risk register. What do you think? Maybe I am wrong and you have specific case where bulk reapprove would work?
J
Jan W.
Grigory Emelianov Oh yes, that is not easy to implement.. I was talking about the "Manual Evidence" section, read the headline wrong.
S
Stefan L.
Grigory Emelianov Yes you understand my issue properly.
What we do as part of our ISMS is in addition to regular risk reviews (on demand) that we want to schedule a full risk review regularly (e.g. definitely before the annual audit). In this review we go through all the risks and review them and the treatment plan.
What we would like to do in that case is to "reapprove" them (one by one) even though they are still within the timeline. This would allow us to ensure that all risks are approved for the audit.
In addition, a filter for something like: risks needing re-approval in the next month would be helpful, if we would not have time to go through all risks.
J
Jan W.
I've the same issue and i think, it would be nice to have a filter or button "expire soon" that shows all items witch needs attention within 4 weeks.
It would also be good if you could see the expiration date in the overview.