Hi Everyone:
I have 2 SAP systems A & B connecting to GRC 10.1. System A connects to GRC via connector A and system B connects to GRC via connector B. Each system A & B has its own ruleset. Two ruletsets of A & B are appended to each others (with separate connector) and are called with one unique name "Global" in GRC. So, I have only one ruleset ID, which is Global, in GRC.
If users want to run ARA SOD analysis on A, they select ruleset Global with connector A (field System). Similarly, to run SOD report on B users select ruleset Global with connector B.
Now, due to auditor's request, client wants to customize the level of risk ID in system B --- but not affecting A.
For example: risk ID M004 has default risk level as Medium. Client wants to keep level Medium for M004 in A but want to change risk level to High for same risk M004 in B.
At risk level set up (Low, Medium, High) it does not have the place specifying connector A or B.
What is the best approach to accomplish this requirement (since we have only one ruleset called Global) ? Thank you for your advices.
Best Regards,
Andy