What verifications are defined for policy definitions?
This description relates to the default definition of the configuration file and reports.
Report name
Verify semantics of policies
(Object type name is Policy in ARIS, policy definition in ARIS Risk & Compliance Manager)
Verifications to be performed
The report verifies whether:
- the Synchronize ARCM attribute is set to true. Only policy definitions for which this attribute is activated are considered.
- a policy definition is connected to exactly one policy owner group.
- a policy definition is connected to no more than one policy auditor group.
- at least one policy addressee group is connected if the policy is of the Confirmation required type.
- the publishing start date is after the start date of the publishing preparation period.
- the end date of the publishing period is after the start date of the publishing period.
- the end date of the publishing preparation period is after the start date of the publishing preparation period.
- the end date of the approval period is after the start date of the approval period.
- the approval period of the approvers is completely within the publishing preparation period of the owners.
- the mandatory attributes for the following objects are specified:
- Policy definition:
- Name
- Policy type
- Start date of publishing preparation period
- End date of publishing preparation period
- End date of publishing period
- Start date of approval period
- End date of approval period
- Confirmation duration if the policy is of the Confirmation required type
- Policy review task: