Camms is pleased to bring you the Quarterly Product Update Notification for the Camms.Risk solution. 


This quarter we've got exciting enhancements to improve the user experience within the system. They will be available in your Test environment on 20 January 2024 and in your Live environment on 10 February 2024.

Please Note: To ensure optimal performance and compatibility with the latest updates, we highly recommend clearing the cache after implementing each new release. To learn more about caching and how you can best manage it, please refer to our comprehensive article HERE.


List of items

1. Introducing an approval process for Risk Reviews

2. Introducing an approval process for Risk Actions 

3. Introducing the Offline Report Generator for Risk Reports

4. Introducing a new parameter, 'Control Status', into the Risk Heatmap Report

5. Security Enhancements



1. Introducing an approval process for Risk Reviews


This will enable the user to authenticate an approval process for risk reviews prior to the confirmation of the review cycle, ensuring that all the nominated risk review approval authorities for a particular risk have validated the risk review and that it is in accordance with the risk management plan.


How do you configure this? 

  • A new setting has been introduced in the Administration > Configuration area.

Figure 1.1: Navigate to Configuration

To turn on the Risk Review Approval process, the System Administrator should tick the setting for 'Enable the Risk Review Approval process'. Please note that the user should have Administrator permission to turn on this setting.

Figure 1.2: Enabling Risk Review Approvals in Configuration

  • The Risk Review Approval can then be turned on via Risk Settings > Approvals > Risk Review Approvals > Enable Risk Review Approvals. Toggle the setting to the ON position to activate the Risk Review Approval.

Figure 1.3: Enabling Risk Review Approvals in Risk Settings


Figure 1.4: Submitting a Risk Review for Approval


  • Once the risk review approval process has been enabled, it cannot be disabled while there are risk records pending risk review approval.
  • The Risk Review Approver should have the 'Risk Review Approver' permission ticked in order to approve a risk review.

Figure 1.5: Risk Review Approver permission

How does this work? 

  • This enhancement facilitates the sequential approval process for all risk types. Users now have the capability to designate risk review approval authorities for the comprehensive risk review approval process and subsequent approval or rejection of the risk reviews. Risk Review Approvers can conveniently approve/reject the risk reviews assigned to them either from their MQU page or on the Risk Review tab from within the risk workflow. 

Figure 1.6: My Risk Review Approvals 


Figure 1.7: Approving/Rejecting Risk Reviews

  • Furthermore, a risk review approval summary grid will be shown in the Approvals tab of that particular risk.

Figure 1.8: Risk Review Approvals Summary Grid

  • Email triggers can be set up for the submission and approval scenarios as required. 

Figure 1.9: Risk Review Approvals Email Triggers


Coming Next:

Currently, the below scenarios are under development and will be communicated in a future release.

  • Concurrent risk review approval process 
  • Configurability of the risk review approval process per risk type. 
  • Editability of the risk ratings by the risk review approvers during the review approval process.



2. Introducing an approval process for Risk Actions 


This will enable you to authenticate an approval process for risk actions prior to their creation, to ensure all authorities have validated them and that they are in line with the risk mitigation plan.


How do you configure this? 

  • This will be enabled via a backend setting on request. 
  • Once this is configured, this cannot be disabled.


How does this work? 

  • Once the risk action approvals setting is enabled, you can now have a sequential approval process where users can be declared as an approval authority and users who have the authority to add actions will be considered as submitters. Pending approvals are confidential, visible only to the relevant submitter/approver.  
  • Risk Action Approvers can conveniently approve/reject the risk actions assigned to them from their MQU page, from the action itself within the respective risk, or from the quick risk action search. All approval authorities will have their own 'My Risk Action Approvals' bubble to approve/reject their risk actions with ease.

Figure 2.1: My Risk Action Approvals

  • An Approval Summary grid will be visible beneath the action details page, and an approval status will be displayed for all users within the risk action grid.
  • Additionally, the complete history of the approval process is seamlessly captured within each action. 

Figure 2.2: Risk Action Details View Prior to Submitting


Figure 2.3: Risk Action Grid View

  • Email triggers can be set up for the submission and approval scenarios as required to notify the submitter/approvers with ease.

Figure 2.4: Risk Action Approvals Email Triggers


Coming Next:

Currently, the below scenarios are under development and will be communicated in a future release.

  • Concurrent approval process
  • General users cannot view risk actions which are pending approval.
  • More configurability in terms of handling risk action approval process.



3. Introducing the Offline Report Generator for Risk Reports


This offline report generator functionality will enable you to generate risk reports in the background of the application, eliminating the need for you to stay on the report page until the report is fully retrieved. 

Where a report takes a considerable amount of time to generate, this feature comes in handy as it lets you engage in other tasks while the report is being generated in the background. However, if a timeout occurs while the report is being generated, the report generation will fail in the same way it does on a timeout in the usual report generation method.

 

How do you configure this?

  • This will be enabled through an internal setting by the Camms Support team upon request.
  • By default, this is disabled.

How does this work?

  • The "Export Offline" button will appear at the bottom of the report parameter page. 

Figure 3.1: Export Offline button in the filter page

  • After clicking the "Export Offline" button, a pop-up will appear, stating that the report can be accessed via a report download page.

Figure 3.2: Pop-up message

  • To monitor the progress or status (Pending, Completed or Failed) of the report being generated by the system, navigate to the "My Downloads" menu: Mega Menu > Workspace > My Downloads.
    • After the generated report has been downloaded and the notification email has been sent to the user, the status will be shown as 'Completed'. During the time it takes for the email to be sent, the status will be 'Pending'. If there are timeout errors or access permission failures during the report generation, the status will be shown as 'Failed'.
    • The 'Download' button will be visible to the user only when the report is in 'Completed' status. When it's in 'Pending' or 'Failed' status, the download button will not be visible.
    • Upon clicking the 'Delete' button, the report will be deleted from the interface. (The delete button only removes the record from the interface. It does not make any changes to the physical file or the table.)
    • Reports are sorted by date, with the most recent date and time appearing on top. Each page will consist of a maximum of 10 records.

 

Figure 3.3: My Downloads Page

  • Once the report generation is complete, an email with a link to download the generated report will be sent to the user who requested it.

Figure 3.4: Email with the downloadable link

  • You can download the generated report by either clicking on the download link or navigating to the "My Downloads" page. 
    • If you are logged in and authenticated in the same browser, clicking the link will direct you to the page below, where you can download the report by clicking the 'Download' button.

Figure 3.5: Report Download Page

    • If you have logged out of the application or opened the link in another browser, you will be redirected to the login page to enter your login credentials.

Figure 3.6: Sign In Page

    • If you're using the SSO (Single-Sign-On) feature, the SSO page will be presented to you, where you can enter the relevant data and sign in to the application.

Figure 3.7: SSO Sign In Page

    • After authenticating, you will be redirected to the same page where you can download the report.
  • Unauthorized users will be unable to download the generated reports, even with access to the email link. 

 

Figure 3.8: Report Download Page view for unauthorized users

Note: This feature will be available in Demo environments via the Immediate Maintenance Release planned for release during 22nd - 26th January 2024.



4. Introducing a new parameter, 'Control Status', into the Risk Heatmap Report


The new 'Control Status' parameter introduced into the Risk Heatmap Report will enable you to filter the control records linked with each risk by the Active/Inactive status of the control. The default value will be set to 'Active', so only the active controls will be retrieved into the Risk Overview section of the report.


Figure 5.1: Risk Heatmap Report Filter Page



5. Security Enhancements


At Camms, we are committed to enhancing the security of our application. After thorough assessment, we have identified an opportunity to improve authentication token security. This involves the introduction of one-time tokens. These unique tokens are designed to provide an additional layer of protection against potential unauthorised access and, together with reduced expiration periods for those tokens, serve as a mandatory security enhancement.

These measures represent a crucial and effective security enhancement, demonstrating our dedication to proactive security measures.

Benefits of secure tokens:

  • Security: By encapsulating user identity and permissions, secure tokens reduce the need to transmit sensitive data with each request, minimising the risk of interception and unauthorised access.
  • Statelessness: Secure tokens enable stateless authentication, meaning the server doesn't need to keep a record of tokens. This simplifies the architecture and scalability of applications.
  • Flexibility: JSON Web Tokens (JWTs) are widely supported and can be used in a variety of applications, from web to mobile and even IoT devices.

Note: The mobile application needs to be updated to the latest version for the security enhancements to take effect. Please log out of the application to apply the changes.