1. Using Advanced Controls
  2. Incident Status and State

Incident Status and State

If you're a result investigator for an incident, you can update status values to indicate the progress made toward the incident's resolution. These values include:

  • Assigned: Result investigators have been appointed to address the incident. With one exception, this is the initial, default status for an incident.

  • Accepted: Nothing need be done to resolve the incident.

    This is the one exception. A role assignment may be approved in Advanced Access Requests despite having violated an access control. If so, it generates incidents for which Accepted is the initial, default status. In any other circumstance, this status is available for you to select as an update to an earlier status.

  • Remediate. Some action must be taken to resolve the incident.

  • Resolved: Remedial action has been taken on the incident.

These status values suggest natural progressions, for example Assigned to Accepted, or Assigned to Remediate to Resolved. However, when an incident is at any of these statuses, you can select any of the others. For example, if you determine that an Accepted incident needs to be looked into, you can update it to Assigned.

The application may set additional statuses:

  • Control Inactive: An incident is no longer of concern because the control that generated it has been inactivated.

  • Closed: An incident has been resolved in the business application, so a subsequent evaluation of controls finds the incident need no longer be addressed.

A Closed incident may be reopened if circumstances warrant.

  • To close an incident generated by an access control, a security administrator may adjust a user's role assignments to reduce that user's access to an application. Later, the user's access may be restored. If so, when the control runs again, a new incident isn't generated. Instead, the status of the original incident is reset to Assigned.

  • Closed incidents that are reopened through a request in Advanced Access Requests are assigned the Accepted status. For each, the incident record includes comments written by the request reviewer and the request approver.

Not only does an incident have status, but it also exists in one of three states: In Investigation, Approved, or Closed. You can't directly set the state of an incident. When you change its status, however, the state may change:

  • If the status of an incident is Assigned, or you submit it at the Remediate status, its state is In Investigation.

  • If you submit an incident at the Accepted or Resolved status, its state is Approved.

  • If the status of an incident is Closed or Control Inactive, its state is Closed.

State matters because by default Results pages show pending results, which are defined as those at the In Investigation state. Use standard search features to cause Results pages to display incidents at the Approved or Closed state, if your roles give access to data at those states.