You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
This is the second instalment on how Atlassian manages our risks and compliance obligations using Jira.
In Part 1 we created the issue types and the custom fields - now we need to create the workflows and the screen transitions.
We really tried to keep the workflows simple for all the issuetypes. The reason was that we often found ourselves clicking through workflow as a way of evidencing that work had been done - when the actual work had happened in a meeting with the business teams. If you need to add steps to evidence approval then put them in - but consider using comments as a way to make that easier on yourselves.
We tried to keep the information requested at each of the transitions really simple. We also made most of it non mandatory - the reason was that we wanted to get people using the system and capturing information - we then reported on the missing data and used that as an excuse to go and talk to people about their risks and controls.
|GRC_Control Activity Workflow||Activate||GRC_Control Activity Activate Screen||Summary|
|GRC_Control Effective Date|
|GRC_Control Test Workflow||Verified||GRC Control Test Verified Screen||Summary|
|GRC_Control Workflow||Activate||GRC Control Activate Screen||Summary|
|GRC_Exception Workflow||Approved||GRC Exception Approve Screen||Compensating Control|
|GRC_Policy Workflow||Approve||GRC Policy Approve Screen||Assignee|
|GRC_Risk Workflow||Active||RM Risk Active Transition Screen||Required Fields|
We will be sharing information on the control objectives that we have and how we went about building them - we have really enjoyed the risk and compliance journey so far and want to share our travel stories.
We hope you enjoyed this piece and would love to hear your risk and compliance stories as well.