Risk Acceptance Approval Matrix Updates
Why is this change being made?
This update re-works the Risk Acceptance Approval Matrix to the following:
| Risk Level | Approval Level Required |
|---|---|
| HIGH | Risk Owner + Director Level Approval* |
| MODERATE | Risk Owner + Manager Level Approval** |
| LOW | Risk Owner + Risk & Field Security Team Member |
-
*If the Risk Owner is a Director, no additional Director level approval is required -
**If the Risk Owner is a Manager, no additional Manager level approval is required
This change is being made to streamline the acceptance process and reduces the amount of approvals needed to be obtained without sacrificing the visibility at each risk level.
Author Checklist
-
Provided a concise title for the MR -
Added a description to this MR explaining the reasons for the proposed change, per say-why-not-just-what -
Assign this change to the correct DRI - If the DRI for the page/s being updated isn’t immediately clear, then assign it to your manager.
- If your manager does not have merge rights, please ask someone to merge it AFTER it has been approved by your manager in #mr-buddies.
- If the changes relate to any part of the project other than updates to content and/or data files please make sure to ping
@gl-static-site-editorin a comment for a review and merge. For example changes to.gitlab-ci.yml, JavaScript/CSS/Ruby code or the layout files.
Edited by Meghan Maneval