Control indicators provides a way to monitor control objective /risk Statement automatically and collects the relevant data for auditing purposes.
Control indicators can be Manual, Basic, Scripted.
Manual, Basic indicators are fairly straight forward and scripted ones tare the ones hat I am going to go through in this article.
Why and when scripted indicators required ?
Scripted indicators provides a way read the data from any part of within the platform or through integrations outside of the platform and interpret the data to derive to a conclusion whether an Item is still effective.
Objectives available for scripting :
result: After the data collection and data interpretation once we determine the outcome and supporting data for the outcome we will have to set this values to the result variable
For example:
result.passed = true;
result.value = 500;
result.supportingDataIds = [id1, id2, ...]
Notes:
- result.passed expects either the pass or fail at the end. you must set one of this value
- result.value, this is for the auditing purpose, A Value that can help you understand end result
- result.supportingDataIds , Array of record sys_ids from the table that has been selected in the Supporting Data table.
current: The item that being monitored (Conrol Objective/Risk Statement) from the control indicator definition is available for access as current object
Example:
Below example indicator is defined to run weekly to verify f incidents created last week have meaningful description for a particular business service.
The current object is used to fetch information of the the profile/entity the control objective is associated with.
Once we have the entity from the current, navigating there on to a business service that the profile is defined on to.
Once we have the business service, applying that in the encoded query to fetch incidents related business service created with in last 7 days and verifying if all those incidents have meaning description.
The variable i.e count is used to track the number of incidents that did not meet the criteria , and at the end it is being used to set the result variable.
Below example indicator is defined to run weekly to verify f incidents created last week have meaningful description for a particular business service.
The current object is used to fetch information of the the profile/entity the control objective is associated with.
Once we have the entity from the current, navigating there on to a business service that the profile is defined on to.
Once we have the business service, applying that in the encoded query to fetch incidents related business service created with in last 7 days and verifying if all those incidents have meaning description.
var count = 0;
var profile = current.profile || {};
var applies_to = profile.applies_to;
var supportingDataIds = [];
var query = 'sys_created_onRELATIVEGE@dayofweek@ago@7';
//created relative 7 days ago
query = query + '^business_service=' + applies_to;
var table = 'incident';
var inc = new GlideRecord(table);
inc.addEncodedQuery(query);
while (inc.next()) {
if (((inc.short_description + '').toString().length < 10) ||
((inc.description + '').toString().length < 20)) {
count++;
supportingDataIds.push(inc.sys_id + '');
}
}
if (count > 2) { //Mark failed id more than 2 incident records found
result.passed = false;
result.value = count;
result.supportingDataIds = supportingDataIds;
} else {
result.passed = true;
result.value = count;
}
The variable i.e count is used to track the number of incidents that did not meet the criteria , and at the end it is being used to set the result variable.
No comments:
Post a Comment