version 7.4.0 ibm openpages...

IBM OpenPages GRCVersion 7.4.0

New Features Guide

IBM

Note

Before using this information and the product it supports, read the information in “Notices” on page 117.

Product Information

This document applies to IBM OpenPages GRC Version 7.4.0 and may also apply to subsequent releases.

Licensed Materials - Property of IBM Corporation.

© Copyright IBM Corporation, 2003, 2018.

US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP ScheduleContract with IBM Corp.

iv IBM OpenPages GRC Version 7.4.0 : New Features Guide

Contents

Note...................................................................................................................................iii...........................................................................................................................................ivIntroduction......................................................................................................................ix

Chapter 1. New features in version 7.4...........................................................................1Platform enhancements ........................................................................................................................... 1

Cognos Analytics 11 integration ......................................................................................................... 1Framework enhancements for self-service reporting ..........................................................................2Enhancements to creating new framework model definitions............................................................. 5Loading ObjectManager XML Files in the Admin UI............................................................................ 6Expanding the number of fields available to object types................................................................... 8Improving lifecycle initialization ...........................................................................................................8Maintaining personalizations................................................................................................................9

Solutions enhancements .......................................................................................................................... 9New vulnerability object in IBM OpenPages IT Governance............................................................... 9Rate controls based on questionnaire responses..............................................................................10Fully configured OpenPages Docker image.......................................................................................11

Administration and serviceability enhancements ................................................................................... 12Managing system files....................................................................................................................... 12Enhancements to user provisioning...................................................................................................13Installation enhancements ................................................................................................................ 18API enhancements ............................................................................................................................ 20

Supported software.................................................................................................................................21

Chapter 2. New features in version 7.3.0.2...................................................................23Platform enhancements ......................................................................................................................... 23

Object association suggestions using cognitive classifications ....................................................... 23Integration with IBM Regulatory Compliance Analytics ....................................................................25Configuring URL link names by using the rich text display type for simple strings...........................26Copy views to profiles........................................................................................................................26

Administration and serviceability enhancements.................................................................................... 30

Chapter 3. New features in version 7.3.0.1...................................................................33IBM OpenPages GRC on Cloud update..................................................................................................33Platform enhancements ......................................................................................................................... 33

Taxonomy suggestions using cognitive classifications .....................................................................33Integration with IBM Business Process Manager.............................................................................. 35Questionnaire assessments............................................................................................................... 36IBM OpenPages GRC SDI Connector for UCF Common Controls Hub............................................37

Solution enhancements ..........................................................................................................................39Administration and serviceability enhancements.................................................................................... 41

Chapter 4. New features in version 7.3.........................................................................43Platform enhancements ......................................................................................................................... 43

Integration with IBM Business Process Manager.............................................................................. 43Global search enhancements............................................................................................................ 45New Dashboard tab on the Home Page............................................................................................ 50Multiple profiles..................................................................................................................................51Compound search on first and last names in the actor picker.......................................................... 52Enhancements to the Filtered List View and Grid View..................................................................... 53

v

Enhancements to the Detail View and Activity View..........................................................................61Solution enhancements ..........................................................................................................................63

IBM OpenPages Vendor Risk Management ......................................................................................63IBM OpenPages Operational Risk Management .............................................................................. 64

Administration and serviceability enhancements.................................................................................... 66Maintaining personalizations..............................................................................................................66FastMap import performance improvements.....................................................................................66Collect and view logs.........................................................................................................................66Supported software........................................................................................................................... 67OpenPages APIs................................................................................................................................ 67

Chapter 5. New features in version 7.2.0.4...................................................................69

Chapter 6. New features in version 7.2.0.3...................................................................71Changes to IBM DB2 conformance ....................................................................................................... 71

Chapter 7. New features in version 7.2.0.2...................................................................73OpenPages Loss Event Entry..................................................................................................................73Business Entity Selector..........................................................................................................................75

Chapter 8. New features in version 7.2.0.1...................................................................79The OpenPages approval app.................................................................................................................79New fix pack installation and deployment method................................................................................. 83New global search enhancements.......................................................................................................... 83New configurable lifecycles.....................................................................................................................83

Chapter 9. New features in version 7.2.........................................................................85Solution enhancements...........................................................................................................................85

IBM OpenPages Regulatory Compliance Management.................................................................... 85IBM OpenPages Model Risk Governance......................................................................................... 85IBM OpenPages Operational Risk Management............................................................................... 86IBM OpenPages IT Governance........................................................................................................ 86IBM OpenPages Internal Audit Management.....................................................................................87

Platform enhancements.......................................................................................................................... 88Installation and conformance enhancements.................................................................................... 88Lifecycles........................................................................................................................................... 89Questionnaire assessments............................................................................................................... 90Analytics bar.......................................................................................................................................92Global search..................................................................................................................................... 93Connector strategy ............................................................................................................................94Enhancements to the Add New wizard .............................................................................................94Enhancements to filters and views.................................................................................................... 97Personalized home page .................................................................................................................106API enhancements........................................................................................................................... 107

Chapter 10. New features in version 7.1.....................................................................109New method for adding objects ...........................................................................................................109Field level security and data encryption................................................................................................110Simplified and more intuitive user interface for selecting users and groups.........................................111Integration with OpenPages Capital Modeling .....................................................................................112Entitlement for IBM Security Directory Integrator..................................................................................113Control over the object parent information when exporting data......................................................... 113Enhanced usability of the home page lists............................................................................................113Task oriented hyperlinks .......................................................................................................................114Task focused home page...................................................................................................................... 115Speed improvements for administrators............................................................................................... 116

vi

Notices...........................................................................................................................117

vii

Introduction

You can view a list of the new features of IBM® OpenPages® GRC Platform.

Audience

The IBM OpenPages GRC New Features Guide is intended for users who want to learn about the newfeatures in the latest version of IBM OpenPages GRC Platform. For more information about new andchanged features, see the specific product documentation, such as installation guides and user guides.

Please read the following important information regarding IBM OpenPages GRC documentation

IBM maintains one set of documentation serving both cloud and on premise IBM OpenPages GRCdeployments. The IBM OpenPages documentation describes certain features and functions which maynot be available in OpenPages GRC on Cloud. For example, OpenPages GRC on Cloud does not includeintegration with IBM Business Process Manager and certain administrative functions.

If you have any questions about the functionality available in the product version that you are using,please contact IBM OpenPages Support via the IBM Support Community.

Finding information

To find product documentation on the web, including all translated documentation, access IBMKnowledge Center (http://www.ibm.com/support/knowledgecenter).

To find videos about how to use IBM OpenPages GRC Platform, see IBM OpenPages support anddocumentation videos (https://www.youtube.com/channel/UCT-cKCZI7V5TY7wmPYYXXLg).

Accessibility features

Accessibility features help users who have a physical disability, such as restricted mobility or limitedvision, to use information technology products. IBM OpenPages GRC Platform documentation hasaccessibility features. PDF documents are supplemental and include no added accessibility features.

Forward-looking statements

This documentation describes the current functionality of the product. References to items that are notcurrently available may be included. No implication of any future availability should be inferred. Any suchreferences are not a commitment, promise, or legal obligation to deliver any material, code, orfunctionality. The development, release, and timing of features or functionality remain at the solediscretion of IBM.

https://www.ibm.com/mysupport

http://www.ibm.com/support/knowledgecenter

http://www.ibm.com/support/knowledgecenter

https://www.youtube.com/channel/UCT-cKCZI7V5TY7wmPYYXXLg

https://www.youtube.com/channel/UCT-cKCZI7V5TY7wmPYYXXLg

x IBM OpenPages GRC Version 7.4.0 : New Features Guide

Chapter 1. New features in version 7.4

The new features in IBM OpenPages GRC Platform 7.4 include the following enhancements.

Platform enhancementsEnhancements to functionality are included in this version of IBM OpenPages GRC Platform.

Cognos Analytics 11 integrationCognos Analytics integrates reporting, modeling, analysis, dashboards, stories, and event managementso you can understand your organization's data, and make effective business decisions. CognosAnalytics reporting and dashboarding features help virtually anyone help virtually anyone can use tocreate informative, engaging visualizations without needing help from IT.

Experience IBM Cognos Analytics, an interactive way for virtually anyone to find, explore, and share data-driven insights in a governed environment. Find precise and timely answers from your data or fromcontent built by others. Create compelling reports and dashboards, which you can easily distributethroughout your company. Use automated alerts to monitor changes to key findings. And confidently andquickly take actions to improve your business.

Key benefits of Cognos Analytics include

Reporting and visualization features include

• a contextualized smart search

• an intuitive interface that helps all users quickly author content

• dashboards that can be created using drag-and-drop on a mobile device or the desktop

• a tool to automatically recommend the best visualizations to be used for particular data

• templates and styles (which will let you format reports instantly)

• on-demand menus that provide access to full capabilities over a clean workspace

• a single interface for creating ad hoc or pixel-perfect reports, freeing up IT skilled resources

Integration with Cognos Analytics, together with the reporting framework enhancements, combine to forma powerful capability for end users to create their own reports. In addition, a new application permissionallows you to control end-user access to a single Cognos Analytics reporting menu item.

Framework enhancements for self-service reportingOpenPages reporting framework has been enhanced. It now supports multiple framework models,including both Compatible Query Mode (CQM) and Dynamic Query Mode (DQM) for Cognos queryengines. It also supports a new basic format optimized for business users.

Multiple framework model support provides

• any number of models to be defined

• smaller models, which are easier to use, faster to generate, produce faster reports

• target models to solutions or roles

• faster and parallel generation

• the ability to generate only models that have changed

• migrate easily to multiple models at your own pace (by grouping namespaces)

Figure 1: An example of multiple framework models

A business user can create a loss event dashboard in minutes, using a framework model focused on lossevent reporting.

Figure 2: Loss event dashboard

2 IBM OpenPages GRC Version 7.4.0 : New Features Guide

Support for CQM and DQM provides several advantages:

• DQM is the IBM Cognos 64 bit query engine. It is more scalable and provides better performance forsome reports.

• CQM greatly reduces the need to remediate existing reports.

• Many new IBM Cognos Analytics 11 features require and benefit from DQM models.

• Each framework model can support either the CQM or DQM query engine.

The basic framework format is optimized for business users:

• provides a direct view of GRC objects, removing folders for query subjects and data items.

• simplifies the view of business entity and other recursive object types

• reduces data items to typically one per field, providing only base amounts for currency fields and onlylocalized values for enumerated fields

• filters fields by profile (also for standard formats) to give a consistent view of an object

• supports drag-and-drop access to issues and other secondary object types

• completely backwards compatible; standard format is still available

A simplified basic format provides drag-and-drop access to secondary objects like issues (highlighted bythe red stars in Figure 3 on page 3). Users can then include them in their reports.

Figure 3: Simplified basic format

New features in version 7.4 3

You can also specify the profile and format for each framework model, providing a simplified, consistentview of an object.

Figure 4: Profile and format for each framework model

Other framework enhancements include the following:

• the ability to specify sorting locale for a report author

• token-based authentication requiring no regeneration of the framework when changing the superuserpassword

• performance optimizations on enumerated field joins

The simplified framework in combination with IBM Cognos Analytics 11 makes creating visualizationssimple.

Figure 5: Example of a visualization

Table 1: Benefits of Cognos Analytics 11 and the enhanced reporting framework

Feature Helps with

IBM Cognos Analytics 11 • innovative next generation business intelligenceand data exploration, self-service reporting, andeasy-to-build powerful dashboards


Table 1: Benefits of Cognos Analytics 11 and the enhanced reporting framework (continued)

Feature Helps with

Multiple framework models • run-time and framework generation performance

• enhanced focus for self-service reporting bybusiness users because having multiple modelsallows each model to be smaller

DQM • improved 64-bit IBM Cognos engine andperformance

• maintenance of CQM support to minimizeremediation of existing reports

Basic framework format • a simpler data model and simplified businessentity format for easier self-service reporting bybusiness users

Profile filtering in framework • consistent view of data across application and inreporting

Enhancements to creating new framework model definitionsNew framework model configuration can be confusing, error-prone, and time-consuming because itrequires the administrator to create many new registry entries in a very specific structure. This is currentlydone by working with ObjectManager XML or by manually adding the entries through the administrationuser interface.

To simplify this experience, you can use the Template_Model framework model to quickly create newframework models and namespaces. The template model contains default values for settings and onenamespace, TEMPLATE_NAMESPACE. To use it, you make a copy of the Template_Model folder andmodify the settings to meet your needs. You can give the folder a name that is meaningful to you.

Template model registry entries are contained in the folder Settings > Platform > Reporting FrameworkV6 > Models > Template_Model. During the copy operation, you can rename Template_Model, and thefolder will have all of the settings that were present in Template_Model.


Figure 6: Settings provided under the Template_Model framework model

Loading ObjectManager XML Files in the Admin UIIn previous versions of IBM OpenPages GRC Platform, ObjectManager would be run from the commandline to load any configuration changes. This required server access and full OpenPages JVM initialization.A privileged user can now load ObjectManager XML files directly using the administration user interface,without needing file system level access.

Previously, Import Configuration accepted ObjectManager files, but only in a JAR package with amanifest file. ObjectManager XML files can now be directly imported, enabling quicker loading of fileswithout a requirement to have file system access. New information types can now be loaded that were notpreviously supported by Import Configuration.


Figure 7: New import functionality on the Import Configuration page

Information types that can be loaded through ObjectManager but were not previously supported byImport Configuration include:

System data (typically loaded during install)

• file types (for example, ppt, xls, doc)

• application permissions

• currencies

• channels

• locales

User-related information

• users and user groups

• group memberships

• user associations to profiles

• user preferences

• role templates

• role assignments

• delegated administrators

Instance data

• instance data (for example, risk and control objects and field values)

• parent and child relationships

Other

• currency exchange rates

For example, you could use Import Configuration to import the following XML file that creates or updatesan application text key and its value. The XML file name must end in op-config.xml.

<?xml version="1.0" encoding="UTF-8"?><openpagesConfiguration xmlFormatVersion="1.24"> <applicationStringKeys> <applicationStringKey name="sample.test.string1" description="" enabled="true" category="Titles" value="Test String 1 Loaded Value" suppliedByVendor="true" overriddenByUser="false" /> </applicationStringKeys>


</openpagesConfiguration>

The ability to import ObjectManager XML files through Import Configuration is disabled by default. Toenable this feature, set the registry entry at /OpenPages/Applications/GRCM/Environment Migration/AllowObjectManager XML to true.

Expanding the number of fields available to object typesThe number of fields that can be associated with any one object type has been doubled. The previouslimit was approximately 200 but was heavily dependent on factors such as type of field and length of fieldname. Once this limit was reached, it was a complex manual operation to remediate.

Use this expanded capability sparingly; consider the complexity of asking your users to fill in or reviewmany more fields of information.

Improving lifecycle initializationLifecycle initialization can now be configured to include an email notification, including its content andattributes. This allows different lifecycles to have different initial assignees, which was not the case in priorreleases.

For example, in a vendor risk management use case, if there are two different types of questionnaires,each will need to be answered by different assignees. In this case,

• the internal vendor classification questionnaire would be sent to the vendor owner:

– assignee for the initial stage: vendor owner

• the vendor self-assessment questionnaire would be sent to the contact at the vendor: assignee for theinitial stage: vendor contact

– assignee for the initial stage: vendor contact

Figure 8: Vendor-Assignee relationships

For more enhancements to the questionnaire capability, see “Rate controls based on questionnaireresponses” on page 10.


Maintaining personalizationsRecently Used information for actor pickers (user and user group selectors) now persists in the database.Previously, this information persisted in the browser.

Clearing browser information or switching browsers or devices will not affect the personalization of recentselections made to users or user groups.

Solutions enhancementsEnhancements have been made to the IBM OpenPages IT Governance solution and to the questionnairecapability. In addition, a configured Docker image of OpenPages is provided, which will allow you to havea fully functional OpenPages 7.4 environment up and running in under an hour, and which can be used tolearn about new product capabilities.

New vulnerability object in IBM OpenPages IT GovernanceA vulnerability object is now available for the IBM OpenPages IT Governance solution. This can be used tocapture weaknesses or vulnerabilities related to resources, such as penetration testing results, automatedasset vulnerability scans, and automated configuration scans. And it provides a way to track each of theseto closure.

The default configuration includes fields that support the Common Vulnerability Scoring System (CVSS).CVSScan capture the principal characteristics of a vulnerability and produce a numerical score. This helpsto prepare you for integration with third-party solutions. For example, you could build or use existing SDIconnectors that pull severe vulnerabilities from your IT operational systems that have not met targetedtimeframes.

Figure 9: Vulnerabilities can be captured against resources and IT incidents


Rate controls based on questionnaire responsesNew association functionality now allows you to map one or more question templates to specific controls.This gives you the ability to automatically rate controls, or report on controls, by aggregating the questionand answer scores at the control level.

Figure 10: Associating a question template with a control allows the control status to be based uponaggregated responses


Figure 11: Encryption question template associated with an encryption control

The enhancements to a configurable lifecycle allow for greater control over the lifecycle of questionnaires.For more information, see “Improving lifecycle initialization ” on page 8.

Fully configured OpenPages Docker imageA fully configured OpenPages Docker image is provided with IBM OpenPages GRC Platform 7.4.0. A usercan deploy an OpenPages 7.4.0 environment to get familiar with new product capabilities in under anhour.

Why Dockerize OpenPages?

• rapid deployment of a fully functioning OpenPages environment within 30 minutes

• accelerated release and feature evaluation and adoption

• simplified maintenance: Docker image reduces effort and the risk of problems with applicationdependencies

• flexible deployment with portability across machines: laptop, VM on a single stack, multistack, andhosted infrastructure

• easy artifacts (Dockerfile, scripts) sharing

Capabilities provided by OpenPages Docker image

• platform and all solutions and all major components (IBM WebSphere Application Server [WAS], IBMCognos, IBM DB2, global search, and IBM Business Process Manager [BPM]) with up-to-dateconformance

• configured for secure connections (https on application, and SSL for database access) and close toreality setup (for instance, removed "/openpages" from the application URL)

• single and two host (database on a separate host) deployment options that enable the flexibility of thedatabase server in various ways (such as a physically installed database, a containerized database, ordatabase as a PaaS service)


• includes a script to commit OpenPages Docker containers as images. This is to record the state of eachof the containers as new Docker images, enabling later re-use or distribution to other users

• includes database content, openpages-storage content, solution triggers, helper JSP files, and othercontent

• includes sample users and sample instance data

• for non-production environments, uses a development environment license

Administration and serviceability enhancementsSeveral enhancements have been made to help you administer, maintain, and support IBM OpenPagesGRC Platform.

Managing system filesIn previous releases, system files were managed in the OPX administrative interface. In OpenPages 7.4.0,these functions are moving to the primary administration user interface.

When you add a system file type (for example, SysXMLDocument or MigrationJAR) to the profile of a userwho has administrative privileges, the user sees that system file type in the Administration menu.

A new ready-to-use profile, OpenPages Platform 3, includes all of the system file types. Using this profile,an administrator will have the menu items and will use the Detail, Folder and Filtered List views to managethe object types. Add this profile to the list of available profiles for your administrators who managesystem files. You won't be able to view or manage these system file object types unless you are using aprofile which includes them.

Figure 12: Accessing system files from the administration user interface

Finally, a new registry setting allows you to temporarily enable management of system files in the existingOPX interface.


Enhancements to user provisioningThe provisioning of users in OpenPages has been reimagined. An administrator can now easily find andmanage a user, including their attributes and permissions, in one place. In addition, an administrator cancreate a user in seconds, without manually entering values.

A new Administration menu item provides access to a user-provisioning landing page. This is used forfinding and modifying existing users and their permissions and for creating new users.

Figure 13: Users menu item on the Administration menu

Figure 14: User provisioning landing page

Creating new usersCreating a new user in OpenPages is now a simple task. To help reduce errors, you can now autopopulate user information from your LDAP server, and you can copy information from an existing user or atemplate user to a new user.

Figure 15: Process flow for creating a new user

Figure 16: Step 1 - Find the user on the LDAP server.


Figure 17: Step 2 - Autopopulate names, description, and email.

Figure 18: Step 3 - Select a user to copy from and auto-populate locale, profiles, group memberships, roleassignments, and reports access.


Figure 19: Step 4 - Save the user. The user is created and the user detail page appears.

Copying access from one user to anotherHave you ever wanted to create or update a user to have the same permissions as another user? Apowerful new feature in OpenPages provides this capability. Copy Access From can be configured toallow copying user information such as Locale, Profiles, Group Memberships, Role Assignments andReports Access from an existing user or from a template user to an existing user or to a new user.

You can configure the types of information copied, the users to be copied from, and whether the copiedinformation adds to or replaces existing attributes of the user.


Figure 20: Selecting an existing user to copy access from, with a choice of which attributes to copy.

Figure 21: Selecting an existing user to copy access from. The attributes to copy are preset byconfiguration settings.

Managing existing users from a single pageTo manage existing users, you can now search for the user and select the one you want to view or modify.


Figure 22: Incremental (type ahead) search for an existing OpenPages user

A single page will appear, from which you can perform all user administration functions for that user. Youcan view and modify the details of an existing user account, such as the user's locale, profile and groupmemberships, role assignments, and reports access. You can also disable and lock users, and managetheir passwords.

Figure 23: Single page user administration

New LDAP server integration functionality for creating new usersYou can now configure integration of user provisioning with your LDAP server. When creating new users inOpenPages, you no longer have to manually enter detailed information such as user names and email.Administrators can search your company's LDAP servers for a list of people who meet the search criteria.

When a user is selected from the list, the information fields in the OpenPages Create User wizard will bepre-populated with the selected user's information from the LDAP server.


Set up the LDAP Server integration via the new configuration UI built for this purpose, which is accessiblefrom the Administration menu.

Figure 24: Administration menu access to LDAP Server Configuration

To access one or more of your LDAP servers, enter the fields in the Connection Properties section. Also,provide the information required to map the fields in your LDAP server to the fields in the OpenPages userrecord.

Figure 25: Configuration of LDAP server integration

Installation enhancementsSeveral enhancements have been made to help you install, deploy, and upgrade IBM OpenPages GRCPlatform.

Reimagined interface for installation and upgradeThe installation server user interface is now a single screen, featuring a clean modern design and a focuson the most critical information. It provides a view of the immediate status of all elements of thedeployment. Silent installation is still available and can be used with the existing topology to set up new


environments. In addition, the new installation server user interface is card-based and is simple and easyto use.

Figure 26: New installation server user interface

Enhancements to the installation and upgrade processThe installation and upgrade process for OpenPages has been completely re-imagined. You can nowcontrol all of your deployments from a single new installation server. The new process is simpler, faster,and more reliable, and the documentation has been streamlined.

The new process reduces deployment time by

• transferring only relevant assets to servers

• providing parallel deployment across multiple servers

• increasing automation and reducing the number of manual steps.

In addition, an enhanced logging mechanism now provides a clear folder structure, meaningful log filenames, and human-readable content.


Figure 27: Validation report

The installation process has been improved by separating validation, installation, and configuration steps,and by providing clear messaging during both pre- and post-validation. Self-patching capability isavailable if an installation needs to be updated. Application uninstallation is also available.

A new consistent methodology has been created for upgrades, whether deploying on an existing host or anew host. The enhanced upgrade begins with a fresh installation of the latest OpenPages version,followed by a restoration of the database backup and custom files. Installation agents are pushed to eachserver automatically to process deployment tasks. If the installation encounters an error, options areavailable to debug the problem without restarting the process.

Finally, for maintenance releases (fix packs and interim fixes), you simply place a zip file into amaintenance folder, and the installer and agents will apply the content.

Added deployment flexibilityTo allow you to deploy OpenPages according to your IT standards, additional deployment flexibility hasbeen provided. Deployment flexibility has been added in the following areas:

• Websphere cell and node names

• deployment into pre-existing cells

• separation of DBA and non-DBA operations

• control over tablespace names

• Oracle TDE encryption support

API enhancementsUpdates to IBM OpenPages GRC Platform APIs improve and extend the development of OpenPagesapplications.

New OpenPages Java and REST APIsNew Java and REST APIs have been added to enable monitoring and termination of processes that usethe long running process framework (LRPF).

The new APIs provides the ability to

• find available LRPF process types


• find LRPF process instances for a process type, filterable by state, start-date/end-date range, processowner, and parent process ID

• find LRPF process logs for an LRPF process

• terminate an LRPF process instance

Examples of LRPF processes are reporting schema operations, reporting framework operations, FastMaploads, program launch, and large copy and associate operations.

Two new application permissions control access to the monitoring and terminating of LRPF processes. Allsuper users will have access to all processes and logs and will have the ability to terminate processeswithout regard to new application permissions.

For more information on supported Java methods, see IBM OpenPages GRC API Javadoc. For moreinformation on supported REST resources, see IBM OpenPages GRC REST API Reference Guide.

Supported softwareIBM OpenPages GRC Platform 7.4.0 requires new versions of some software:

• Red Hat Enterprise Linux (RHEL) 7.0 and 6.6 (and higher minor releases and updates). RHEL 6.5 is nolonger supported.

• AIX 7.1 (or a higher fix pack). AIX 6.1 is no longer supported.

• IBM WebSphere® Application Server 9.0.0.3 (or a higher fix pack). Websphere 8.5.5.x is no longersupported.

• IBM DB2 ESE 11.1.0.0 (or a higher edition or fix pack) or DB2 ESE 11.1.1.1 (or a higher edition or fixpack.

• Oracle SE 12.1.0.2 (or higher edition or fix pack) is required. Oracle 11g is no longer supported.

• IBM Java SDK/JRE 8.0.4.1 (or a higher fix pack). Java 1.7 is no longer supported.

• Client browsers using Chrome or Internet Explorer 11 in native mode. Internet Explorer 9 and 10 andInternet Explorer compatibility mode are no longer supported.

• Cognos Analytics 11.0.7 Interim Fix 1001 (and higher 11.0.x continuous releases). Cognos 10.2.2.x is nolonger supported.

IBM OpenPages GRC Platform 7.4.0 does not support the datamart reporting schema or the Fujitsuadvanced workflow engine.

For more details about supported environments, see IBM OpenPages GRC Platform SupportedEnvironments (http://www.ibm.com/support/docview.wss?uid=swg27039467).


Chapter 2. New features in version 7.3.0.2

The new features in IBM OpenPages GRC Platform 7.3.0.2 include the following enhancements.


Object association suggestions using cognitive classificationsYou can now use the IBM Watson Natural Language Classifier service when you associate parent andchild objects. This enhancement is an expansion to the cognitive classification feature that was added toOpenPages in 7.3.0.1.

You can improve the quality of object associations and reduce the amount of time spent correctingassociations made in error. You can configure a Natural Language Classifier service to make objectassociation suggestions for any objects in OpenPages. It can make either parent or child objectassociations. For example, you can use it to support users when they create an Issue object andassociate it to a parent Control object. The text description that a user enters is used as input to a NaturalLanguage Classifier service that was trained by your domain specialists. The service returns a list ofsuggestions together with a confidence score.

The following example illustrates how you can use cognitive technology to support users when theyassociate objects.

A user creates an issue and enters a description.

Figure 28: Example of a user creating an Issue

The View Suggestions button is activated and the user clicks it.

The Natural Language Classifier service returns up to 10 suggestions together with a confidence score.

Figure 29: Suggestion window shows suggestions and confidence scores

The user chooses the suggestion with a 98% confidence score. The parent object is associated to theobject based on the choice that the user makes.

Figure 30: Parent object association is made

The user can now click the Parents tab and see the association that they just made. The systemsynchronizes object associations made on a classifier field with those made on the Parent tab or childrenassociation tabs.


For setup information, see Configuring cognitive services in the IBM OpenPages GRC Administrator'sGuide. For information about associating parent and child objects, see Adding an object instance with theAdd New wizard and Editing objects in Detail View in the IBM OpenPages GRC User Guide.

Integration with IBM Regulatory Compliance AnalyticsThe integration of IBM Regulatory Compliance Analytics with IBM OpenPages GRC Platform helps you tobetter understand how new and changed regulatory requirements impact your GRC processes. You cannow import data from RCA into OpenPages.

RCA is an integrated governance, risk, and compliance platform that enables companies to manage riskand regulatory challenges across the enterprise. In addition to its cognitive capabilities, RCA also providesa common platform to house regulatory documents and their associated obligations across multiplejurisdictions, sectors, and regulators.

You can use RCA data that you import into OpenPages to assess the impact of new, changed, anddeprecated requirements on your GRC policies and procedures, training and awareness, monitoring andtesting, and risk assessments.

At the object-type level, documents, obligations, and controls in RCA are mapped, respectively, toMandates, Requirements, and Controls in OpenPages, as shown in the following illustration:

Figure 31: RCA to OpenPages object type mapping

For each object type, you can configure the field-by-field mapping.

When you import RCA data, matching Mandate, Requirement, and Control objects in OpenPages arecreated or updated. The fields that you configured are populated with RCA data, and the associationsbetween objects are automatically imported. You can reimport data if it changes in RCA.

The categorization and tag information in RCA is also imported into OpenPages. Categorizations provideinformation about compliance activity, geography, lines of business, products, and so on. After thisinformation is in OpenPages, you can use it in many ways. For example, you can use it as search criteria,to group requirements together, or to organize requirements by themes. This valuable content is now inOpenPages and available for you to use as you require.

You can also partner the RCA data with the new capability in OpenPages to use an IBM Watson NaturalLanguage Classifier service when you associate parent and child objects. For example, you can importRCA obligations into OpenPages and then use a Natural Language Classifier service to link them to themost appropriate controls in your library.

New features in version 7.3.0.2 25

For setup information, see Importing IBM Regulatory Compliance Analytics data in the IBM OpenPagesGRC Administrator's Guide.

Configuring URL link names by using the rich text display type for simple stringsYou can use the rich text display type to display a user-friendly link name as a field's default value. Thisfeature is an alternative to using the URL display type, which can display only URL internet addresses.

In the following example, the Triage Guidance field is displayed on the Add New view for Incidents. Thedefault value for the Triage Guidance field is an anchor tag that specifies a URL to company-internaldocumentation, a user-friendly link name, and a font style, color, and size.

Figure 32: Example of a user-friendly link name

When the user clicks Incident Triage Process, the URL opens in a new window.

This existing feature is described in the new topic, Configuring URL link names by using the rich textdisplay type for simple strings, in the IBM OpenPages GRC Administrator's Guide.

Copy views to profilesAdministrators can now copy Object Views (which include the Detail View and Activity Views) andCreation Views from one profile to one or more other profiles. This makes it easier to keep viewssynchronized between profiles, and it makes profile management activities more efficient and less proneto errors.

On the Profile page for any object, Copy is now available as an action for any existing Object Views andCreation Views.

The following example illustrates how you can copy the Activity View for the Business Entity object fromthe OpenPages Modules 7.3.0 Master profile to several other profiles.


Figure 33: Example of the Copy action for Object Views and Creation Views

When you click Copy from the Actions menu for the Activity View, the Copy window opens and you canselect the profiles that you want to copy the Business Entity Activity View to.


Figure 34: Example of the Select Profiles tab

When you click Validate, information messages, warnings, and errors are displayed. Based on the resultsof the validation operation, you can decide whether to proceed with the copy operation.


Figure 35: Example of the Validate tab

In this case, there is one reported error because the Business Entity object does not exist in the LossEvent Entry profile. You review the warnings and information messages related to the other two profiles,and determine that there is no issue in proceeding. After you click Copy, the Results tab indicates that theBusiness Entity Activity View was copied successfully from OpenPages Modules 7.3.0 Master to two ofthe profiles that you selected. It was not copied to the Loss Event Entry profile.

Figure 36: Example of the Results tab


For more information about this feature, see Copy views for an object from one profile to one or moreother profiles in the IBM OpenPages GRC Administrator's Guide.

Administration and serviceability enhancementsAn enhancement has been made to help you administer, maintain, and support IBM OpenPages GRCPlatform.

Compare environments

You can find differences between two environment configuration XML files by using the new CompareEnvironments feature. Use Compare Environments to identify and resolve issues before you migrateconfigurations from one environment to another.

Compare Environments compares XML files that you generate in each environment. You can generate theXML files by using Export Configuration or by using ObjectManager. Compare Environments looks at theXML files and identifies any differences in the files. Compare Environments also uses validation rules tocheck the XML files for any errors and for changes that might cause issues during a migration.

For example, you can compare the profiles that exist in two environments.

Figure 37: Comparing profiles in a source and target environment

You can export the results to see details about the differences. In this example, a profile that is calledNewVendor exists in the target environment but not in the source environment.


Figure 38: Results of the comparison: A profile does not exist in the source environment

The source and target files can be from environments that are running different versions of IBMOpenPages GRC Platform. Further, you can run Compare Environments on a system that is running aversion that is different from both the source and target environments.

For more information, see Comparing IBM OpenPages GRC Platform environments in the IBM OpenPagesGRC Administrator's Guide.



The new features in IBM OpenPages GRC Platform 7.3.0.1 include the following enhancements.

IBM OpenPages GRC on Cloud updateIBM OpenPages GRC on Cloud has been updated to version 7.3.0.1.

Some features and functions might not be available in OpenPages GRC on Cloud. For example,OpenPages GRC on Cloud does not include integration with IBM Business Process Manager and certainadministrative functions.

If you have any questions about the functionality available in the product version that you are using,contact IBM OpenPages Support via the IBM Support Portal (http://www.ibm.com/support).


Taxonomy suggestions using cognitive classificationsYou can now use the IBM Watson Natural Language Classifier service to build cognitive technology thatbrings expertise to users' fingertips. It can support human decision making and interact naturally withusers when they classify information that they create. The Natural Language Classifier understands theintent behind text and returns corresponding suggested classifications together with a confidence score.

With training data that you design when you create a Natural Language Classifier service, you can sharethe knowledge and expertise of a few domain specialists with a large pool of users. You can improve thequality of classifications and reduce the amount of time spent reclassifying objects. You can support usersin assigning the correct classifications even if they do not have extensive knowledge or training in thedomain.

You can use a Natural Language Classifier service for any objects in OpenPages but it is most typicallyused for loss events, waivers, issues, and incidents. For example, you can use it to support user decisionmaking when they classify a loss event to the correct Basel II categorization. You can also use it tosupport user decision making when they classify waivers as exceptions to regulatory compliance. The textdescription that a user enters is used as input to a Natural Language Classifier service that was trainedwith knowledge from your domain specialists.

Using a Natural Language Classifier service is best suited to situations where users are generating a highvolume of objects, hundreds or even thousands per year. Cognitive computing adds value when it isscaled to a large data set and to a large group of users. You can link OpenPages to one or more NaturalLanguage Classifier services in IBM Bluemix.

The following example illustrates how you can use cognitive technology to support users when they enterincidents.

First, a user creates an incident and enters a description.

http://www.ibm.com/support

Figure 39: Example of a user entering an incident

The View Suggestions button is activated and the user clicks it.

The Natural Language Classifier service returns up to 10 suggestions together with a confidence score.

Figure 40: Suggestions and confidence score


The user chooses the suggestion with a 94% confidence score. The Risk Category, Risk Sub-Category,and Risk Example fields are automatically filled based on the choice that the user made.

Figure 41: Classifier target fields are automatically filled

For setup information, see Configuring cognitive services in the IBM OpenPages GRC Administrator'sGuide. For information about classifying a new object and editing classifier information for an existingobject, see Adding an object instance with the Add New wizard and Editing objects in Detail View in theIBM OpenPages GRC User Guide.

Integration with IBM Business Process ManagerEnhancements were made to the integration of IBM OpenPages GRC Platform with IBM Business ProcessManager.

The following enhancements were made:

• Added the OPLaunchChildProcesses integration service. You can use it in a hierarchical process thatinvolves a large number, even hundreds, of child action items without compromising serverperformance. The new advanced hierarchical process example illustrates how you can use it.

• Added the OPPerformRESTGet integration service. You can use it if no integration service meets yourrequirements but a REST API does.

• Changed the fields input parameter on the OPHierarchicalQuery integration service so that it canretrieve the resource ID or the system fields rather than the explicit field name format. You can specify itto use one of the following new keywords: Id for only the resource ID or System Fields for all thesystem fields from the child type. Minimizing the number of fields brought back from the query resultsreduces memory usage and can improve process performance.

• Added a start input parameter to the OPHierarchicalQuery integration service.

• Added a start input parameter to the OPHierarchicalAssigneeQuery integration service.

• Removed the 64 character limitation for field names. In version 7.3.0.0, the maximum length ofOpenPages field names in IBM Business Process Manager was 64 characters. This restriction no longerapplies.


Questionnaire assessmentsSeveral enhancements have been made to questionnaire assessments.

Pre-fill answers on questionnaire assessments

When you launch a program, you can now pre-fill answers from previous programs for the same asset andthe same question. For example, this year you can send out questionnaire assessments that are the sameor similar to ones you sent last year, and you can include last year's answers. The recipients receivequestionnaire assessments where some or all of the questions have pre-filled answers, therefore, savingthem time and effort. You can choose to also copy comments and attachments.

The following example shows how a pre-filled answer to a question is displayed. The first two chooses areselected, without the recipient having to take action, and the questionnaire assessment where the answercame from is displayed if you click Details. The respondent can keep the answer or change it.

Figure 42: Example of a pre-filled answer on a questionnaire assessment

Questionnaire templates support table-style answers

You can use the new question type, Table Answer, to add table-style answers to questionnaire templates.Use it to build a grid format, where the columns are fixed and the rows vary, when you need an open butstructured approach to the information you need to gather. A table-style answer can have up to 15columns. On a questionnaire assessment, a respondent can add up to 30 rows and write up to 50characters per cell. If the question is required, the respondent must enter one row of information. Thequestions can be dynamic questions but they cannot be control questions. For reporting purposes, tableanswers are persisted in CSV format with the pipe bar as a delimiter.


The following example illustrates how you can build a table-style answer so that you collect consistentinformation for contacts.

Figure 43: Example of a table-style answer on a questionnaire assessment

Dynamic questions support multiple answers in control questions

In a dynamic question, in Has been answered, you designate a control question's answer that makes thedynamic question display. Previously, you could select only one answer. Now you can select multipleanswers. When a respondent selects any of the answers that are given in Has been answered, thedynamic question displays.

IBM OpenPages GRC SDI Connector for UCF Common Controls HubA new connector is available, IBM OpenPages GRC SDI Connector for UCF Common Controls Hub.

Use IBM OpenPages GRC SDI Connector for UCF Common Controls Hub to import data from UCFCommon Controls Hub into IBM OpenPages GRC Platform.

IBM OpenPages GRC SDI Connector for UCF Common Controls Hub connects to a UCF CommonControls Hub subscription account and to IBM OpenPages GRC Platform through the REST API.

The connector includes pre-packaged IBM Tivoli Directory Integrator assembly lines that you can importand configure in IBM Tivoli® Directory Integrator. You can run the assembly lines to import authoritydocuments, citations, and controls from UCF into OpenPages as mandates, submandates, andrequirements.

To use the IBM OpenPages GRC SDI Connector for UCF Common Controls Hub, you need a license forthe connector and you need a UCF Common Controls Hub Basic Subscription with the API Access add-on.

Note: IBM Security Directory Integrator is the latest name for IBM Tivoli Directory Integrator. You mightsee TDI and SDI used interchangeably in the documentation.


Figure 44: Example of an authority document that was imported from UCF

Figure 45: Detail view of a requirement that was imported from UCF


You must have a UCF Common Controls Hub account to use this feature.

For information about setting up IBM OpenPages GRC SDI Connector for UCF Common Controls Hub,see the IBM OpenPages GRC Installation and Deployment Guide. For information about using theconnector, see the IBM OpenPages GRC Administrator's Guide.

Solution enhancementsEnhancements to solutions are included in this version of IBM OpenPages GRC Platform.

IBM OpenPages Regulatory Compliance Management Theme Deployer

The RCM Theme Deployer is a tool that users can use to lay the foundation for business entities tocomplete regulatory compliance assessments.

The RCM Theme Deployer distributes regulatory requirements (organized into themes) and createsassociations to controls for business entities to assess. When users select a theme to deploy to businessentities, the structure is created, including the compliance plan, compliance theme, and the relevantrequirement evaluation records beneath the theme, linked to the relevant control objects.

The RCM Theme Deployer enables organizations to:

• Deploy and assess similar regulatory requirements, based on a consistent methodology

• Quickly access all regulatory requirements that are related to a theme in one object

• View all of the controls that are in place (or that are missing and should be in place) that satisfy therequirements

• Assess how well the organization is satisfying one or many similar regulations by using regulatorycompliance assessments

Users can deploy a theme to multiple business entities.

Figure 46: Deploying a theme to multiple business entities

Users can also deploy multiple themes to single business entity.


Figure 47: Deploying multiple themes to a business entity

Administrators can configure the RCM Theme Deployer by using the new IBM OpenPages RegulatoryCompliance Management configuration tool.

For information about setting up the RCM Theme Deployer, see the IBM OpenPages GRC Administrator'sGuide. For information about using the RCM Theme Deployer, see the IBM OpenPages GRC User Guide.

IBM OpenPages Regulatory Compliance Management configuration tool

A configuration user interface is now available for IBM OpenPages Regulatory Compliance Management.Administrators can use the tool to configure IBM OpenPages Regulatory Compliance Management. Forexample, administrators can configure the RCM Theme Deployer.

Figure 48: RCM configuration tool

For information about using the RCM configuration tool, see the IBM OpenPages GRC Administrator'sGuide.


Solution loader for IBM OpenPages Vendor Risk Management

The IBM OpenPages Vendor Risk Management solution was added in version 7.3.0.0. Customers whoperformed a fresh installation of version 7.3.0.0 and who licensed the solution were able to use the IBMOpenPages Vendor Risk Management.

Fix pack 7.3.0.1 includes a solution loader for the IBM OpenPages Vendor Risk Management. The solutionloader enables customers who upgraded from a fresh 7.2 installation to version 7.3.0.1 to load theobjects, relationships, and profiles to use the IBM OpenPages Vendor Risk Management solution.

You must have a IBM OpenPages Vendor Risk Management license to use the solution.

If you had a fresh installation of IBM OpenPages GRC Platform version 7.2 with solutions and thenupgraded to version 7.3.0.1 or later, use the solutions loader to install IBM OpenPages Vendor RiskManagement. You must have the 7.2 solutions schema in your environment.

For more information, see the IBM OpenPages GRC Installation and Deployment Guide.


New X-XSS-Protection response header setting

The new X-XSS-Protection setting enables XSS filtering on server responses. Using this setting ispreferred to using the IE XSS Filter setting. If there is a conflict between the IE XSS Filter and X-XSS-Protection settings, the one that enables the header is used.

For more information, see the IBM OpenPages GRC Administrator's Guide.



The new features in IBM OpenPages GRC Platform 7.3 include the following enhancements.


Integration with IBM Business Process ManagerThe integration of IBM OpenPages GRC Platform with IBM Business Process Manager gives you accessto an enhanced level of GRC process automation. IBM Business Process Manager is an industry-leadingprocess automation system that is both scalable and highly configurable.

Process authors can develop workflow solutions that align specifically with their requirements. They canalso configure custom coach views that show object information in a form that uniquely meets the needsof the user task. Additionally, process authors can use a set of integration toolkits. These toolkits aligndirectly with IBM OpenPages GRC Platform APIs and leverage the existing data and configuration in thesystem.

Process authors use the Process Designer to define business processes. For example, the following figureshows a simple risk assessment process in the Process Designer.

Figure 49: Example of the Process Designer

Process authors can design coach UIs and embed them into business processes. When a businessprocess reaches a point where it calls a coach UI, the user must complete information on the screen inorder for the business process to continue.

The following example shows a coach UI for a risk assessment process. In this example, the user can setan inherent likelihood.

Figure 50: Example of a coach UI

Users can launch and work on GRC processes by working with the embedded IBM BPM Process Portal.The Process Portal is a new tab on the Home page. When you click it, the system opens the IBM BPMProcess Portal.

You can use the Process Portal to:

• Launch processes

• Claim and participate in tasks

• Track task progress with a dedicated swimlane diagram

• Use the BPM collaboration services and get in touch with "experts" and frequent process participants

The following example shows how the information in the Process Portal can appear. It shows the duedates and priorities of the tasks that are assigned to the user.


Figure 51: Example of the Process Portal on the Home page

From a task, you can identify where your task is at in the overall process. The current stage is highlightedin yellow. In the following example, the process is at the risk assessment stage.

Figure 52: Example of reviewing stage ownership in a business process

For more information, see the IBM OpenPages GRC Business Process Author's Guide.

Global search enhancementsGlobal search has been enhanced.

• You can refine search results by users, folders, and dates


• You can search the text content of file attachments

• Administrators can configure an additional field to display in global search results sets

Refine search results by date, user, and folderIn IBM OpenPages version 7.2, global search results could be refined by object type. Now you can alsorefine search results by Dates, Users, and Folders.

Date

You can use Date to limit search results to a combination of Creation Date, Last Modified Date, orOther Dates on the object.

For example, you can refine the search results to display objects created between January 2016 andNovember 04, 2016, modified within the last three months, and a specific date on the object must beOctober 29, 2016.

Figure 53: The Date facet for global search


User

You can refine search results based on the user who created or modified the object, or based on a usernamed in a user selector field on the object.

For example, you can refine the search results to display objects that were created by you and lastmodified by Jim Smith.

Figure 54: The User facet for global search

Folder

You can refine search results to objects that match the value in full or in part that you enter.

For example, if you enter Internal Audit / ITAud, objects that include in their path "Internal Audit /ITAud" are returned.


Figure 55: The Folder facet for global search

Search within file attachmentsAdministrators can now configure global search to not only search on the fields of objects, but also on thecontents of any text-based file attachments.

All global search results on SOXDocument object types now include a link to view the contents of the fileattachment without leaving the search results page. This is true whether the result comes from matchingfield data or matching file attachment contents.

The search results returned for files and file attachments include a View file link that provides immediateaccess to the file or file attachment itself. The Name field link takes you to the default view for the objecttype.

Administrators can configure which file types to include for search, such as .docx, .xlsx, .pptx, and .pdf.


Figure 56: Search results that include files and the ability to directly view their attachments

Include an additional field in results setsAdministrators can configure an additional field to display in global search results sets.

The inclusion of this additional field value in the results allows the user to better tell if the result is one thatthey want to work with or not.

In addition to the information provided in earlier versions (Object Type, Name, Description, and Path),administrators can now configure an additional field for each object type. The additional field is configuredglobally across profiles.

The additional field supports text area and text box display types.


Figure 57: The loss event object in these search results includes an additional field, 'What Happened', witha brief description.

New Dashboard tab on the Home PageThe Dashboard tab allows users to create their own dashboard for the Home Page. Users can now workmore efficiently by creating quick access to the tasks and information that they use most often. Users cantailor their dashboards to suit the way that they work. Clicking the Home button in the global headerreturns the user to the Home Page tab that they used most recently.

For example, a user might choose to customize the Dashboard tab to show how many QuestionnaireAssessments are assigned to him or her, and how many are in review and in approval states. In addition, auser might choose to add a panel with links to frequently used websites. In some panels, a user mightinclude an Add New button that is preconfigured for a particular object type or global search links that arepreconfigured for specific objects, such as Vendor.


Figure 58: Example of a Home page Dashboard

Users and administrators can add as many of the following types of widgets as needed to the Dashboardtab:

• Filter Count widget, for example, you can create a widget to display the number of QuestionnaireAssessments assigned to you

• Object Global Search widget, to perform a search on a specific object type

• Static Web Link widget, to provide a link to a URL, for example to give you quick access to referenceinformation or to a related application

• Add New widget, to provide an Add New button that is preconfigured for a specific object type

For each profile, the administrator can provide the initial content and required content for the Dashboard,so that every user of the profile has these elements available to them. Each user can then take ownershipof their own dashboard and tailor it to their needs. For example, users can add elements that are specificto their needs.

Administrators can export the configuration of a default Dashboard tab in JSON format. This feature isuseful when migrating from one environment to another. This feature also enables administrators to exportan existing Dashboard configuration and use it with another profile.

Multiple profilesAdministrators can configure multiple profiles for end users. Users with multiple profiles can change fromone profile to another easily, without the need to log off.

Multiple profiles are beneficial to end users who have more than one function in an organization andrequire a different profile for each function.

Multiple profiles are also beneficial to administrators and implementers because they can create a smallerset of more task-focused profiles, reducing the effort to maintain profiles.


For example, suppose that you are both a control tester and an auditor. Your administrator can assign theprofile for both of these functions to you, and you can switch back and forth between the two, asrequired.

You can switch to a different profile by clicking the User menu in the global header, and selecting theprofile you want from the My Profiles list.

Figure 59: My Profiles list from the user menu

Compound search on first and last names in the actor pickerIt's now easier to search for users. The search feature in the actor picker now looks for matches in thecombination of the first and last names.

In previous versions, the search feature looked for matches in the first name, last name, email address,and user name, but did not look for matches using the first and last name combined.

For example, if you enter Al Audit as a search term, two names that returned zero results in previousversions, you now get a list of results.


Figure 60: Results of a search on Al Audit

Enhancements to the Filtered List View and Grid ViewSeveral enhancements have been made to the Filtered List View and the Grid View.

Users can now perform Copy and Associate operations from the Grid View. Users can also include Fileobject types in Grid Views and Activity Views. These new capabilities enable users to complete moretasks without having to leave one of these task-focused views. This reduces navigation and makes iteasier to get the job done.

View file attachments and file information in Grid Views and Activity ViewsYou can use the Administration user interface to configure files in Grid Views and Activity Views, just asyou would any other object type.

The following graphic shows files at the third level of the Grid View. Files can be configured at any of thethree levels. You can also view file attachments and file information in Activity Views.


Figure 61: Files at the third level of the Grid View

Enhanced interface for Copy and Associate operationsYou can now copy and associate objects from the Detail View and Activity View using a new interface.

In previous versions, the filtered list view interface was used to copy and associate objects. The newinterface is consistent with the Add New wizard and other existing wizards in the product.

Figure 62: The Actions menu

You can use a registry setting to revert to using the legacy copy and associate features in Activity Viewsand Detail Views only. This is to allow time to ensure that the new implementation meets your needsbefore you retire the old implementation. The interface that is used for copy and for associate tasks fromGrid Views is always the new interface.


Figure 63: The Associate wizard

To find the items that you want to select for the operation, you can choose from recently used objects, oruse searches, or use saved filters:

Figure 64: Recently used or saved filters used to find items

The Copy wizard interface is similar, with an extra page for more copy options. You can copy an objectand its descendants, or only the top object. For example, if you want to copy a risk, but do not want tocopy the dozens of controls, test plans, test results, and issues underneath it, you can now click Copyselected objects only .


Figure 65: The Copy Options page

Copy and associate objects in the Grid ViewYou can now copy and associate objects from rows in a Grid View, so you can complete your task withoutleaving the view.

In previous versions, you could not copy and associate objects from Grid Views at all. The new interfaceuses a right-click menu, and is consistent with the Add New wizard and other existing wizards in theproduct.

Figure 66: The right-click menu in the Grid View

You can associate only object types that are in the view. For example, in a Grid View showing processes,risks, and controls, you can copy or associate risks under a process, and you can copy or associatecontrols under a risk.


Figure 67: The Associate wizard in the Grid View

To find the items you want to select for the operation, you can choose from recently used objects, or usesearches, or use saved filters:

Figure 68: Recently used or saved filters used to find items


The Copy wizard interface is similar, with an extra page for more copy options. You can copy only the topobject. For example, if you want to copy a risk, but do not want to copy the dozens of Controls, TestPlans, Test Results, and Issues underneath it, you can now click Copy selected objects only .

Figure 69: The Copy Options page in the Grid View

Include parent criteria in Analytics bar filtersWhen you use a Filtered List View or Grid View for an object type, you can view filters in the Analytics bar.You can now create filters based on parent information criteria. These filters can be saved and used asfilters on your Home Page dashboard.

You can choose to filter based on the parent type alone.

You can also filter by the attributes of the parent type by choosing the field name and defining the value tofilter for (similar to existing filters).

For example, you can now:

• Search on Control Issues only (that is, on issues that have a control as a parent).

• Search on Critical Control Issues only (that is, on issues that have a control of high criticality as a parentattribute).


Figure 70: Filter on parent type


Figure 71: Filter on parent attributes

Attention:

• Filters can be built on one parent object type only.

• This feature is available only to end users. The user interface for administrators does not supportthis feature.

More options when exporting dataUsers can now choose the fields and object types that are exported.

Users can choose to export only the fields that are configured in the Filtered List View or Grid View, ratherthan exporting all fields. As well, users can choose which object type and how many levels of object typesto export. Depending on the configuration, users can export up to two levels of object types beyond thetypes configured in the view.

Users can export just the fields they want, providing a more focused view of their data. Users can chooseto export multiple object types in one operation, simplifying the process of exporting the data, andallowing them to break the limitation of three levels of objects in a grid view.


Figure 72: Export dialog box

Enhancements to the Detail View and Activity ViewEnhancements have been made to the Detail View and to the Activity View.

Configure file object types in Activity ViewsYou can now view file attachments and file information in the Activity View.

Collapse and expand sectionsYou can now collapse and expand the sections in the Detail View and Activity View.

To expand a section, click the plus sign beside the section label. To collapse a section, click the minussign.


Figure 73: Expanding the section named Risk Rating

View the first item in a child list automaticallyMore information is now displayed when you go to an Activity View. When an activity view has two ormore levels, the first object in the second level is highlighted and opened automatically.

In earlier versions, a list of second-level objects was displayed. To view the details for an object, you hadto click the object to open it, and then click again to expand to another level of detail. Now, the first objectin the list is opened automatically. This enhancement provides more information and reduces the numberof clicks you must perform to view the details.


Figure 74: View with the first item highlighted and opened

Solution enhancementsA new solution, IBM OpenPages Vendor Risk Management is now available. In addition, enhancementshave been made to IBM OpenPages Operational Risk Management.

IBM OpenPages Vendor Risk ManagementThe new IBM OpenPages Vendor Risk Management solution supports firms in assessing and analyzingrisks that are associated with the vendors they do business with.

IBM OpenPages Vendor Risk Management brings transparency into operational and security activities forvendors and the subcontractors they hire. It provides a scalable way to manage third-party complianceand risk. Firms can use it to more clearly understand how individual vendors or engagements relate tobusiness processes.

IBM OpenPages Vendor Risk Management allows firms to complete the following tasks:

• Create, maintain, and document all vendors and engagements

• Classify or "tier" vendors as low, medium, or high criticality

• Manage contracts with third-party vendors

• Understand how third-party engagements support your business

• Use standard risk assessments to identify and mitigate risk in a specific way for individual vendors


• Leverage the questionnaire assessment capability to conduct vendor or engagement tiering usinginformation that you gather with risk or compliance questionnaire assessments

• Collect and store evidence in a central location

• Remediate and mitigate risks after they are identified

• Build key performance and key risk indicators

• Monitor and report risks on an ongoing basis

The following figure shows a questionnaire assessment that is used to collect information about a vendor.

Figure 75: Example of a questionnaire assessment

IBM OpenPages Operational Risk ManagementEnhancements to Scenario Analysis allow firms to collect scenario data that can be used bothqualitatively and directly as an input into the operational risk capital model.

When you create a Scenario Analysis, on the Scenario Analysis Assessment tab, you must now define theNumber of Buckets. For each bucket, you can provide the financial impact in Severity Bucket and theestimated number of losses in one year in Frequency Bucket.

The following example shows how you use the new fields to create a Scenario Analysis with the Add Newwizard.


Figure 76: Example of creating a Scenario Analysis

When the Scenario Completion Helper is run, the buckets are populated in the child Scenario Resultobject. A reporting fragment is created to display the bucket ranges in tabular format for the ScenarioAnalysis Detail View, which is shown in the following example.

Figure 77: Example of the reporting fragment that displays the frequency and severity estimates



IBM OpenPages GRC SDI Connector for UCF Common Controls Hub

Maintaining personalizationsSome personalizations to OpenPages are now maintained when you clear your browser cache or switchto another browser or device. For example, if you rearrange the panels on your Home Page dashboardand then switch to another browser, your dashboard looks the same in the new browser window. Thechanges that you made to the panels are preserved. Previously, personalizations were lost because theywere stored in the browser.

In version 7.3, the following personalizations are stored in the database:

• The homepage tab that was last selected: My Work or Dashboard

• My Work tab

– Hidden and shown panels

– Collapsed and expanded panels

– Panel sequence

• Dashboard tab

– Hidden and shown panels

– Panel sequence

– Widgets added and removed from the dashboard

• Analytics bar:

– The default filter

– The filters that are displayed on the analytics bar

– The order of the filters

– The expanded or collapsed state of the analytics bar

• Grid views

– Column widths

– Sequence of fields

– Compact mode or full mode, and the fields shown or hidden for each mode

FastMap import performance improvementsThe performance of FastMap imports has been improved by a significant amount. The improvedperformance applies to objects being created or updated.

Note: The total time it takes to modify objects with a FastMap import can be affected by the time it takesfor the triggers to operate. The improvements made to FastMap import performance do not impact theportion of time spent evaluating and executing the triggers.

Collect and view logsVersion 7.3 provides a new LogCollector tool.

The LogCollector tool provides a command-line interface that you can use to collect log files anddiagnostic data from the IBM OpenPages GRC Platform environment.

With the LogCollector tool, you can collect log and diagnostic files from the IBM OpenPages GRCPlatform environment and from the IBM OpenPages GRC Platform database.


Supported softwareThe software requirements for IBM OpenPages GRC Platform have changed.

IBM OpenPages GRC Platform now supports Red Hat Enterprise Linux (RHEL) 7.0 (and higher minorreleases and updates). Red Hat Enterprise Linux (RHEL) 6.5 (and higher minor releases and updates) isalso supported.

OpenPages GRC Platform requires new versions of some software.

• IBM WebSphere® Application Server 8.5.5.9

• If you are using IBM DB2®, version 11.1 is required. IBM DB2 version 10.5 is no longer supported.

• If you are using IBM DB2, IBM Cognos® Business Intelligence (BI) version 10.2.2.6 or later is required.

For details about supported environments, see IBM OpenPages GRC Platform Supported Environments(http://www.ibm.com/support/docview.wss?uid=swg27039467).

OpenPages APIsUpdates to IBM OpenPages GRC Platform APIs improve and extend the development of OpenPagesapplications. This section lists the new, changed, and deprecated features within the OpenPages APIs.

OpenPages Java API

Updates to the IBM OpenPages GRC Platform Java™ API include:

1. The Query Syntax has been enhanced to support indirect joins using the ANCESTOR keyword. Formore information, refer to indirect (hierarchical) join descriptions in the OpenPages javadocs, as well asthe related QueryTestJSP sample.

2. Enhancements to creating, getting, updating, and deleting GRC objects were implemented to improveperformance. For more information, see the ISecurityService interface and the newgetGroup(groupName,options) method.

3. The IConfigurationService interface has been expanded to support users with multiple profiles.

4. The DateFacetParam, SearchFacetOptions, and UserFacetParam classes have been added to supportsearching object facets.

5. The IBM OpenPages GRC Trigger Developer Guide now indicates that a copied object's ResourceID isavailable in the POST phase.

For more information on supported Java methods, see the IBM OpenPages GRC API Javadoc.

OpenPages REST API

Updates to the IBM OpenPages GRC Platform REST API include:

1. Enhancements to creating, getting, updating, and deleting GRC objects were implemented to improveperformance.

2. The AnonLossEventFormREST sample was updated to remove dependencies on Juno.jar. Thesample now uses Jackson as the JSON library.

3. The /workflow URL resource is now deprecated. A replacement workflow integration solution will beadded in a future OpenPages release.

4. A new /grc/api/contents/{contentId}/report/{fieldName} URL resource was added. The URL returns theReport Fragment output of a specified field.

5. A new /grc/api/configuration/text URL resource was added. The URL returns all the application text fora user's locale.

6. Examples for /group URLs have been modified to demonstrate the use of multiple profiles, where auser may have more than one defined profile.

7. Optional /search parameters (fot, fur, fdt, ffp) to support searching facets have been added. The typesparameter has been deprecated; use fot instead.

8. The UserType attribute emailAdress was deprecated. Use emailAddress instead.


http://www.ibm.com/support/docview.wss?uid=swg27039467

For more information on supported REST resources, see the IBM OpenPages GRC REST API Guide.



The enhancements in IBM OpenPages GRC Platform 7.2.0.4 include enhancements to questionnaireassessments and a new tool for collecting and viewing logs.

Questionnaire assessments

You can now hide comments and attachments for individual questions on a questionnaire assessment.Use the new Show Comment and Show Attachment check boxes on questionnaire templates to controlthe display. Previously, all questions had comments and attachments.

On the second and subsequent reviews of a questionnaire assessment, a reviewer can now provide acomment on answers they accept that were rejected in the last review.

For more information, see the IBM OpenPages GRC Platform User Guide.

Collect and view logs

The new LogCollector tool provides a command-line interface that you can use to collect log files anddiagnostic data from the IBM OpenPages GRC Platform environment.

With the LogCollector tool, you can collect log and diagnostic files from the IBM OpenPages GRCPlatform environment and from the IBM OpenPagesdatabase.


The enhancements in IBM OpenPages GRC Platform 7.2.0.3 includes the new business entity selectorand the new loss event entry app.

Changes to IBM DB2 conformanceVersion 7.2.0.3 introduces support for IBM DB2 version 11.1. IBM DB2 10.5.0.5 special_33521 is alsosupported.

For more information, see supported software environments (http://www.ibm.com/support/docview.wss?uid=swg27039467).


The enhancements in IBM OpenPages GRC Platform 7.2.0.2 includes the new business entity selectorand the new loss event entry app.

OpenPages Loss Event EntryYou can use IBM OpenPages Loss Event Entry to enable users across an organization to quickly createloss events. It is easy to use and task focused for users with no experience with OpenPages. They canuse it without a user account for OpenPages. IBM OpenPages Loss Event Entry is an optional, chargeablecomponent.

Users typically access IBM OpenPages Loss Event Entry from a link on your organization's intranet. Theuser interface is in the language of their choice, and dates and numbers are formatted in ways that arefamiliar to them. They can immediately begin entering information, as shown in the following example.

Figure 78: Example showing a loss event in OpenPages Loss Event Entry

The user can identify the business entities that are involved in the loss event, and indicate their roles in theloss event. When the loss event is submitted, the system displays a printable submission summary andsends an email confirmation to the user.


Figure 79: Example showing a confirmation message

The risk management team can then triage the loss event and follow up with an investigation just like theydo for loss events that are created in or imported into OpenPages. It is then approved in OpenPages or inthe OpenPages approval app.

OpenPages Loss Event Entry supports OpenPages configuration, such as field and display types, fielddependencies, and support for multiple locales and currencies. Like the OpenPages configuration, youcan control the tabs and sections that are displayed, the names for sections and fields, and whether theyare optional or mandatory. You can also control whether users can create associated loss impacts andloss recoveries and whether they can attach evidence to loss events. The locale determines the languageand the format of the date and amount fields. Amounts can be entered in different currencies with presetor entered exchange rates.

You can use OpenPages Loss Event Entry on desktops that use Chrome or Internet Explorer.

Business Entity SelectorBusiness Entity Selector is a new display type that you can use in IBM OpenPages Loss Event Entry andin most OpenPages views. This display type enables users to quickly identify the role a business entityplays. If you have situations where Issues, Incidents, Findings, Loss Events and other objects areassociated to multiple business entities, you can now indicate the role each business entity plays for thatobject using the Business Entity Selector.

When you access the field it provides a default starting point in a business entity structure. You can thenmove up and down the structure to find the business entity you want to choose using the Browse tab. Youcan quickly find entities you work with most frequently on the Recently Used tab. You can use the Searchtab to find a business entity if you know its name.

For example, suppose you want to create fields in IBM OpenPages Loss Event Entry where users canselect the business entities that caused a loss event. Also, you want users to see just the branches of thebusiness entity hierarchy that are relevant for loss events. You can create two fields that use the businessentity selector display type, Primary Caused and Secondary Caused. When you define each field, you canlimit the business entities users see by selecting a starting business entity and the number of levels todisplay. When a user clicks one of these fields, the business entity window opens where users can selecta business entity using one of the three tabs.


Figure 80: Example of selecting the Primary Caused Entity in Loss Event Entry using the Search tab in theBusiness Entity Selector

When you use the Browse tab, the display shows the starting business entity you selected and thenumber of levels below it that you specified.


Figure 81: Example of selecting the Primary Caused Entity in Loss Event Entry using the Browse tab in theBusiness Entity Selector



The enhancements in IBM OpenPages GRC Platform 7.2.0.1 includes the new approval app and the newfix pack installer.

The OpenPages approval appIt's reassuring that the power and complexity of OpenPages is there to help your business remaincompliant, but the end goal of all this activity results in actionable items that need your attention in aconcise, easily accessible format.

A casual or infrequent user of OpenPages is now able to make well-informed decisions for GRC tasksguided by information from the system quickly and easily, without the need for extensive training inOpenPages.

Upon email notification telling you what you are being asked to do, just click on the hyperlink in the emailand you are brought to a page in the approval app that includes all the relevant information and providesyou with an opportunity to take the requested action. If you want to see all of the items sent to you in theapproval app, you can go to your To Do list by clicking on the IBM OpenPages GRC Platform logo. Yousimply make the decision (or respond to certification language or questions), with your comments ifnecessary, and click the relevant button to submit. You can use this feature on tablets and mobile devices(that use the Chrome browser or the Internet Explorer browser, versions 9 and later) for increasedflexibility.

Here are a few example scenarios:

• An action item is due for completion on a certain date and the action item assignee has requestedpushing the date out by 3 months. The owner of the parent issue is asked to approve the request todelay.

• A loss event has been entered, evaluated and investigated and has been sent to you as the owner of theimpacted business unit and you are requested to approve the event.

• An audit work paper has been created and filled out by the preparer and evidence has been attached:you are the reviewer on the work paper and are being asked to review it.

• An incident has occurred, and has now been sent to you for review and comment.

• As control owner, you have been asked to attest to the effectiveness of a control.

Each of these scenarios are sent to you as an individual To Do object. The items assigned to you arrive onyour To Do list by way of the configurable lifecycle. For more information, see the Lifecycles topic in theIBM OpenPages GRC Platform User Guide.

The following example shows a single To Do item. The single item includes what action is required, theitem details, details from related objects, and information about the recent activity around this particularissue.

Figure 82: Example showing an individual approval app action

The following example shows the loss event item with the Loss Event Details expanded.


Figure 83: Example showing the loss event item with the Loss Event Details expanded

You can also view your complete To Do list. The list also shows the Due Date, Name/Description andlifecycle call to action. You can also see a list of items that you recently completed in the approval appusing this browser.

The following example shows the To Do list for a typical user.


Figure 84: Example of the approval app home page

You can also use the Sort By filter to sort your To Do items by Due Date, Information Type, or RequestType.

Figure 85: Example of how you can sort your To Do list

To access the approval app home pages directly (rather than through the email link), type in the followingcommand in your browser: http://<hostname>:10108/openpages/app/jspview/appLoader

You can also shorten the URL by removing "openpages" from the URL so that it is similar to this: http://<hostname>:10108/app/jspview/appLoader. For example, you might shorten the URL to support somemobile uses of the URL. For more information, see Shortening the URL for OpenPages GRC Platform.


http://www.ibm.com/support/knowledgecenter/SSFUEU_7.4.0/op_grc_admin/t_adm_shorten_url_ibmwebspere_appserver.html

For more information about using the approval app, see Responding to an approval app notification.

For information about approval app installation, see Approval app.

For information about triggers used for the approval app, see New lifecycle triggers in version 7.2.0.1.

New fix pack installation and deployment methodIn earlier versions of OpenPages, fix packs were installed using the InstallAnywhere product. Beginning in7.2.0.1, we are using the OpenPages Administrative Console.

This has the following advantages:

• Using the OpenPages Administrative Console to perform the fix pack updates enables all servers in thedeployment to be handled by one tool on a single system remotely.

• The OpenPages Administrative Console uses the existing topology from previous installs or upgrades,so there is minimal data to input; silent installations are much easier.

• By using the OpenPages Administrative Console for the fix pack installation you can leverage thelogging and validation features of the Administrative Console.

• The OpenPages Administrative Console fix pack installation uses documentation that is available in IBMKnowledge Center format, which is searchable.

For more information, see the Version 7.2.0.1 OpenPages Fix Pack Installer.

New global search enhancementsIn OpenPages version 7.2.0.1, there are new search enhancements.

For global search, indexing performance is improved by up to 20% or even, more based on your data andenvironment.

New configurable lifecyclesIn OpenPages version 7.2.0.1, three new lifecycles are added to the product, in addition to the existingquestionnaire and incident lifecycles.

These lifecycles are:

• Issues

• Controls

• Loss events

Lifecycles can continue to be extended to other objects as required. The lifecycles for issues and lossevents are integrated with the existing triggers defined on those objects. The emails that are sent as partof the new lifecycles (including incidents) are improved, and contain more information about the resource.Issues and loss events have also been updated to include a due date for any requests made through thelifecycle.

For information, see New lifecycle triggers in version 7.2.0.1.


http://www.ibm.com/support/knowledgecenter/SSFUEU_7.4.0/op_grc_user/t_ug_deck_response.html

http://www.ibm.com/support/knowledgecenter/SSFUEU_7.4.0/op_grc_installation/c_ig_approval_app.html

http://www.ibm.com/support/knowledgecenter/SSFUEU_7.4.0/op_grc_solutions/c_op_72fp1_life_cycle_triggers.html

http://www.ibm.com/support/knowledgecenter/SSFUEU_7.4.0/op_grc_solutions/c_op_72fp1_life_cycle_triggers.html


The enhancements in IBM OpenPages GRC Platform 7.2 cover five key themes.

• Engaging with subject matter experts

Full end-to-end lifecycle for questionnaire-based assessment programs introduces new ways for you toefficiently and effectively gather and analyze information from people in your organization.

• Integration with systems

Entitlement to the IBM Tivoli Directory Integrator ETL (extract, transform and load) solution, together withits built-in connectors to applications, databases, files, and a general-purpose connector to OpenPages,makes it easy to automatically gather and send information between enterprise applications andsources.

• Out-of-the-box solutions

Two new solutions, IBM OpenPages Regulatory Compliance Management and IBM OpenPages ModelRisk Governance, address unique GRC risk domains. The existing Internal Audit Management, ITGovernance, and Operational Risk Management risk domain solutions are enhanced with new andimproved capabilities.

• Usability enhancements

Ease-of-use enhancements to existing capabilities provide better information for the user and reducenavigation and complexity. Global search capability and Analytics bar provide powerful new abilities tounderstand and find information that users are looking for. And increased personalization allows usersto configure the system in the way that is most useful to them.

• Administration and serviceability

Enhancement to the trigger deployment model reduces complexity and testing needs whenadministrators update existing or deploy new triggers. New conformance items, including support forSAML V2.0 single sign-on, improve the ability to run IBM OpenPages GRC Platform in a way that betteraligns to your IT standards.

Solution enhancementsNew solutions and solution enhancements are included in this version of IBM OpenPages GRC Platform.

IBM OpenPages Regulatory Compliance ManagementThe new IBM OpenPages Regulatory Compliance Management solution supports firms in breaking downregulations into a catalog of requirements, evaluating its impact on the business, and creating actionabletasks.

IBM OpenPages Regulatory Compliance Management allows firms to complete the following tasks:

• Create a catalog of requirements that fulfill regulatory obligations

• Compare the internal control environment to regulatory obligations

• Assess the level of compliance of internal controls against the regulatory requirements

• Initiate remediation activities from the results of compliance assessments

For more information, see the IBM OpenPages GRC Platform Solutions Guide.

IBM OpenPages Model Risk GovernanceThe new IBM OpenPages Model Risk Governance solution supports firms in organizing and centralizingtheir model inventory. As a solution, it provides a configurable and customizable platform.

IBM OpenPages Model Risk Governance allows firms to complete the following tasks:

• Organize and maintain the enterprise-wide list of models

• Document and track issues associated with models in a central location

• Record model change management governance activities

• Schedule, track, and manage model reviews and validations

• Assign appropriate roles and responsibilities for model ownership and model risk management

• Report on model inventory and model issues


IBM OpenPages Operational Risk ManagementEnhancements to IBM OpenPages Capital Modeling are included in this version of IBM OpenPagesOperational Risk Management.

OpenPages Capital ModelingIBM OpenPages Capital Modeling includes updated reporting capabilities and new reports for loss dataanalysis and single models.

When you are selecting data for curve fitting for loss data, you can now create shifted distributions. Whenyou select the correlation parameters for your models, you can now view a scatter plot graph thatdescribes the relationship between the models. For more information, see the IBM OpenPages CapitalModeling User Guide.

IBM OpenPages IT GovernanceEnhancements to integration and incident objects are included in this version of IBM OpenPages ITGovernance.

OpenPages, connectors, and the QRadar integration packageYou can leverage information from across the business by using connectors to collect information fromthird-party solutions, such as IBM QRadar®.

IBM OpenPages GRC Platform 7.2 comes with IBM Tivoli Directory Integrator, a general-purposeintegration tool that you can use to build integrations between multiple data sources and targets. Thisgives you out-of-the-box capability to extract data from third-party data sources, transform the data forstorage in an appropriate format for analysis, then load it into the final target, such as a database or datastore. The TDI components themselves are simple, so you can extend them or use them as a basis tobuild new connectors.

IBM OpenPages GRC Platform 7.2 also contains an IBM QRadar integration package. If you have accessto QRadar - a separate stand-alone enterprise-level application - you can import Offenses from QRadarand transform them to create Incidents in IBM OpenPages GRC Platform. You can use QRadar filtering toretrieve a relevant subset of Offenses. For example, you can configure the connector to import onlyOffenses that are open, or based on the date. You can reuse the QRadar connector with many otherapplications, if you make the appropriate changes.

Figure 86: How OpenPages and QRadar work together


For more information, see the OpenPages connectors and QRadar topic in the IBM OpenPages GRCPlatform Administrator’s Guide.

Lifecycles on incident objectsThe introduction of lifecycles on Incident objects supports firms in standardizing how incidents arereviewed and investigated.

The lifecycle for incidents follows six stages:

• New

• In progress

• Review

• Escalation

• Escalation review

• Closed

When an incident is created, the system sets the lifecycle to the New stage and sends an email to the firstlifecycle assignee. Transitions take place when users open an incident object in the Detail View and clickLifecycle > <transition icon>. The stage determines the transition icon that is displayed. A user can adda comment with every transition.

Emails are sent to users with each transition to the next lifecycle. The email contains a hyperlink URL thatopens the incident object.

The system also provides end-to-end capability that automatically brings in offenses from IBM QRadarfiltering and transforming them into incidents in IBM OpenPages GRC Platform. You can then manage therelevant subset of offenses in the context of their impact on the business.

You can leverage this feature for incidents that are automatically created through the integration withQRadar. By default these incidents are created at the New stage. Users then define the owner and movethe incident to the In Progress stage by clicking the Lifecycle > Start icon.

IBM OpenPages Internal Audit ManagementEnhancements to timesheet entry are included in this version of IBM OpenPages Internal AuditManagement.

Timesheet entry helper now prepopulates rowsFor many customers who use the IBM OpenPages GRC Platform Audit capabilities, their auditors chargetheir time to the many items that they check each week.

When you move to a new week, it can be a lengthy and error-prone process to set up the timesheet tohave all of the rows for which the auditors need to charge time. Now, when a user of the Timesheet Entryhelper or the Administrator Timesheet Entry helper moves to a week with no rows populated, itautomatically populates one row in that new week for each row that exists in the most recent previousweek. This capability is optional and can be globally configured.


Figure 87: Timesheet prepopulated


Platform enhancementsEnhancements to installation and functionality are included in this version of IBM OpenPages GRCPlatform.

Installation and conformance enhancementsThere are numerous enhancements to the IBM OpenPages GRC Platform installation.

For more information, see the IBM OpenPages GRC Platform Installation and Deployment Guide.

Conformance enhancements

Support for the Oracle 12.1.0.2 database server and database client is now supported in addition to theexisting supported versions.

Microsoft Internet Explorer version 11 is now supported in addition to the existing supported versions.

Google Chrome is now a supported web browser.

OpenPages GRC Platform requires new versions of the following software:

• IBM Runtime Environment for Java 1.7.3

• IBM WebSphere Application Server Network Deployment 8.5.5.5

• IBM Cognos Business Intelligence (BI) version 10.2.2.1

IBM WebSphere Liberty Profile 8.5.5.6 is now installed with OpenPages CommandCenter instead ofApache Tomcat. Tomcat is no longer supported.

Updates to solutions trigger files

In the previous release, the jar files and the xml configuration files that are used by the solutions triggerswere required to be stored in combined files. They can now be stored in separate files to simplify thefollowing tasks:

• Maintaining existing triggers.

• Creating new triggers.

If you separate the trigger files, then it would no longer be necessary to retest all triggers whenever youchange an existing one or add a new one.


When you upgrade or migrate IBM OpenPages GRC Platform, the following trigger files are updated.

• Standard solutions classes are removed from the openpages-ext.jar file.

• A new file is deployed, openpages-solutions.jar, that contains the standard solutions classes.

SAML V2.0 single sign-on

You can now configure IBM OpenPages GRC Platform to use SAML V2.0 for single sign-on without theneed for custom code and without involvement from IBM Services.

LifecyclesThe lifecycle feature offers new capability to customize and control processes that objects follow.Lifecycles are configured out-of-the-box for questionnaire assessments and incidents but can beextended to other objects. Lifecycles define the stages that an object type follows.

When a lifecycle starts, users are informed in an email that they must complete a task, for example,answer questions in a questionnaire assessment. When the user completes the task, the object moves tothe next lifecycle stage and the next lifecycle assignee. Email notifications are sent with each transition.The lifecycle process is finished when all the stages are completed. You have a record of who did whattask and when.

At each lifecycle stage, the system:

• Identifies a lifecycle assignee

• Defines the actions available on the Lifecycle icon to move an object to a different stage

• Sends an email to the new lifecycle assignee

• Defines other attributes (read-only and in review) that are related to the current stage

The assignee for a stage is defined in the lifecycle trigger. An object can have only one lifecycle assigneeper stage. A user can add a comment with each transition.

For questionnaire assessments lifecycle transitions are triggered when respondents and reviewers work inthe questionnaire UI and click a lifecycle icon in the title bar, for example, Actions > Approve and Closeor Actions > Reject. The lifecycle determines the icons that are displayed.

The following example shows the lifecycle icons in the title bar of the new questionnaire UI. This is athree-stage lifecycle and the questionnaire assessment is in the "Review" stage. In the example, thereviewer is the current lifecycle assignee and has the questionnaire assessment open in the questionnaireUI. The reviewer can now decide either to approve it or to reject it and send it back to the respondent forcorrections.

Figure 88: Example of Lifecycle icons in questionnaire UI

The following example shows the new lifecycle icons in the Detail View for an incident. This is a six-stagelifecycle and the incident is in the "In progress" stage. The primary owner of the incident is the lifecycleassignee for this stage and has it open in the Detail View. The primary owner can now decide either toescalate it or to send it for review.

Figure 89: Example of Lifecycle icon on an incident object


Lifecycle information is stored on the object instance. Open an object in the Detail View to see its lifecycleinformation. Lifecycle fields are read-only except for Update Assignee, which when set to Yes reappliesthe lifecycle assignee. You can add, correct, or update Object Owners and automatically update thelifecycle assignee based on the new owner.

Figure 90: Example of lifecycle information on an object


Questionnaire assessmentsYou can use the new questionnaire assessments to assess risk and compliance or to collect informationfor specific processes and asset risks. The new capability streamlines, standardizes, and centralizes thecollection of questionnaire-based assessment information.

Respondents answer questionnaire assessments in a new easy-to-use questionnaire UI that is separatefrom the OpenPages application. The lifecycle guides respondents and reviewers through the process oflaunching, submitting, reviewing, rejecting, and approving the questionnaire assessments. You canmonitor and track questionnaire assessments from when they are launched through to completion.

Questionnaire assessments include the following new objects and UIs:

• Programs

• Questionnaire templates

• Questionnaire assessments

• Author UI

• Questionnaire UI

Questionnaire assessments are based on existing assets that you want to assess and measure. Theassets can be resources, processes, subprocesses, or employees. You design questionnaire templatesand write questions in the new author UI. You use programs to define, launch, and distribute questionnaireassessments to respondents. Respondents use the new questionnaire UI to provide their answers.

Questionnaire assessments are coupled with the new lifecycle capability to provide an out-of-the-boxsolution. There are three pre-defined lifecycles for questionnaire assessments: two-stage, three-stage, orfour-stage. A questionnaire assessment moves from one stage to the next when a user submits, rejects,or approves it. Emails are sent to users with each transition to the next lifecycle. The email contains ahyperlink URL that opens the questionnaire UI to the questionnaire assessment that requires attention.

The following example shows the launch page for the new questionnaire UI. You can customize thedescriptive text on this page and include your own company logo in the header.


Figure 91: Example of Questionnaire launch page

The following example shows the new questionnaire UI that respondents and reviewers work in. Thesection list shows the overall structure of the questionnaire template. It also displays how many questionsare in each section. You can use the question filter in the title bar to control the questions that aredisplayed. You can choose: All questions, Completed questions, Incomplete questions, or Rejectedquestions. The icons in the title bar, like Submit in the example, are driven by the lifecycle. Thisquestionnaire assessment is at the information gathering stage and a respondent is ready to beginanswering questions.


Figure 92: Example of Questionnaire UI

For more information, see the Questionnaire assessments topic in the IBM OpenPages GRC Platform UserGuide.

Analytics barWhen you are using a Filtered List View or Grid View for an object type, you can now view filters in theAnalytics bar. You can also set a default filter for each object type.

The Analytics bar provides an overview of saved filters for an object type. Each user can personalize theAnalytics bar to suit their individual needs. You can choose whether you want to view the Analytics bar foreach object type. Where you decide to use the Analytics bar, you can control the filters that you want tosee, and the order in which they appear.

In the following example, the Analytics bar includes filters to monitor questionnaire assessments atdifferent stages of completion. For each filter, the number of results is also shown. The "All Open" filter isselected and applied, and the results are shown in the Filtered List View.

Figure 93: Example of the Analytics bar


From the Analytics bar, you can also set a default filter for each object type. Previously, for all objecttypes, the Administrator could choose to globally show or hide all objects that were available to you. Now,when you access a Filtered List View or a Grid View, it is already filtered to show only the set of objects ofinterest to you. As a result, these views are more focused on your individual requirements.

For more information, see the IBM OpenPages GRC User Guide.

Global searchGlobal search is an optional component that you can install so that users can search easily for objectsacross the entire application to increase their productivity. The search server that you install for globalsearch is deployed as part of the IBM OpenPages GRC Platform application.

Using global search, you can type search terms and the result is a list of objects relevant to your searchterms. Search is not limited to the Name and Description fields, and it uses natural language technologythat is combined with relevancy ranking to give you the best match possible. Using the Narrow by featureof global search, you can further narrow your result set to a specific object or a combination of objecttypes.

From the result set, you can easily find the content that you are looking for and then hyperlink to it with asingle click.

The following graphic shows the search results for the string "account".

Figure 94: Search results for the string "account"

For more information, see the IBM OpenPages GRC Platform User Guide.


Connector strategyYou can now leverage information from across the business by using connectors to collect informationfrom third-party solutions.

There is now an out-of-the-box connector to OpenPages that gives you the ability to connect to othersystems, databases, and files by using IBM Tivoli Directory Integrator.

IBM Tivoli Directory Integrator is a general-purpose integration tool that you can use to build integrationsbetween multiple data sources and targets. The version included with IBM OpenPages GRC Platform 7.2is IBM Tivoli Directory Integrator 7.1.1.

For more information, see the OpenPages connectors and QRadar topic in the IBM OpenPages GRCPlatform Administrator’s Guide.

Enhancements to the Add New wizardThere are numerous enhancements to the Add New wizard.

Hyperlink to Add New wizardYou can now click a hyperlink URL and open the Add New wizard to create an object of a specific type.

You can click a hyperlink URL, for example, one you received in an email, and go directly to the Add Newwizard in a new window. If you are not logged in and not using Single Sign on, you must log in. A newbrowser window or tab opens and displays a page with the Add New wizard.

After the Add New wizard is open, the Add New wizard works the same as from other access points.

For more information, see the Adding an object instance with the Add New wizard topic in the IBMOpenPages GRC Platform User Guide and the Task-oriented hyperlinking topic in the IBM OpenPagesGRC Administrator's User Guide.

Add New wizard defaults to first fields pageThe Add New wizard now selects a different default page when it is opened.

The Add New wizard no longer defaults to the Create or Parents page if those pages are alreadycomplete and valid. It now defaults to the first page where you can enter information in fields.

Add New wizard improved Create from scratchThe Create from scratch page in the Add New wizard was simplified.

When you click Create from scratch on the Create page, the existing object picker interface is no longerdisplayed. That interface is displayed only if you select the Create From Existing option.

Add New wizard supports associating childrenThe administrator can now configure object types that the user can associate to the object that is beingcreated. New pages in the wizard give access to this capability.

For example, a user can now associate an existing Issue to a Control being created to address the contentof the Issue, which is the missing Control.

In previous releases, it was not possible in the Add New wizard to associate existing child objects to theobject that is being created.

Add New wizard supports multiple views for layoutA new category of view that is called Creation views allows the selection of multiple Add New viewdefinitions for a single object type for a single profile.

You might want to have the Add New wizard display different fields in the fields pages, or different objecttypes in Associate pages, based on the purpose of the object that is being created. In this case, theadministrator can define multiple Creation views to select, and the user can choose which one to useeach time they create an object. For example, if you create a Program instance to assess Resources, youwant an Associate page on the Add New for Resources, and not one for Employees. Then, the nextProgram instance you create, you might want to assess Employees, and would want an Association pagefor Employees, and not for Resources.


Creation views do not appear in the view selector on the Detail or Filtered List View pages.

In previous releases, the layout of the Add New wizard was driven by a single view definition, either anActivity View that is named Add New, or the Detail view.

For more information, see the Creating a Creation view topic in the IBM OpenPages GRC PlatformAdministrator's Guide.

Add New wizard uses a filter to search for objectsWhen you select an existing object in the Create tab, Parent tab, or associated children tabs in the AddNew wizard, you can now search for an object by running a saved filter.

For example, if you are creating a control, you can choose the existing issue that identified the missingcontrol.

The following diagram shows an example of an associated child object tab for issues, and illustrates thesaved filters that you can use to search for objects.

Figure 96: Example of the Add New wizard

For more information, see the New object instances topic in the IBM OpenPages GRC Platform UserGuide.

Add New wizard uses background processes for child associationsFor performance reasons, large numbers of child associations are now completed in a backgroundprocess instead of while you wait.

The system uses a background process anywhere that you can associate child objects to a parent object,for example:

• Add New wizard


• Add New page from a hyperlink URL

• Associate pages

• Launch program

You receive an email when the associations are finished. The email contains links to a process report andto the object's Detail page. You can also review the status of long-running processes on the new menuitem, My OpenPages > Background Processes > My Background Processes.

The following example shows the message displayed when a background process is started.

Figure 97: Example message for background processes

The following example shows how the background processes are displayed on My BackgroundProcess.


Figure 98: Example of My Background Processes

For more information, see the IBM OpenPages GRC Platform Administrator's Guide.

Enhancements to filters and viewsThere are numerous enhancements to filters and views.

Filter on group membershipWhen you filter on a group, you can now have a filter that returns records where the user is named on therecord, or the user is a member of a group that is named on the record, either directly or through asubgroup. This allows you, for example, to bring objects to all members of a triage team, and the firstperson who gets to the object can address it.

You can create these filters for Filtered List View filters and on home page filters. For example, yourinternal audit organization is divided into teams. There is a Multi-User/Group field that is called AuditManagers and Reviewers on the Audit object. It is populated with the names of the review team for thatAudit.

Let's say you have the following group structure:

Sample Users (group) > Sample Users Level 2

You add a filter on Audit Managers and Reviewers = END_USER

You create one audit and set Audit Managers and Reviewers = Sample Users

You create another audit and set Audit Managers and Reviewers = Sample Users Level 2

If the current user is a member of Sample Users Level 2, then both audits are returned. If the user is amember of Sample Users directly, then only that audit is returned. And if the current user is not a memberof either group, then neither audit is returned.

The following graphic shows an example of filtering for group membership.


Figure 99: An example of filtering for group membership

In previous versions when you filtered on a group, you filtered only on the name of the group, and not onusers who are members of the group.

For more information about filtering, see the Filtering information topic in the IBM OpenPages GRC UserGuide.

Highlight and persist selected Detail and Activity View child list itemsDetail and Activity View child lists now indicate which item has been selected.

In addition, the selected item persists during your session so that when you return to that view, the itempreviously selected and displayed is again selected and displayed. If the selected item is on a list ofmultiple pages, you return to the page that contains the selected item without paging through thepreceding pages.


Figure 100: Selected row highlighting

Previously, there was no indicator to show which item you selected from the list pane for Detail andActivity Views.

Printing Detail View informationYou can share information in IBM OpenPages GRC Platform with others by printing the relevant part of theDetail View.

You can print the information from the Details section of the navigation pane on the Detail View page.Click the Print icon next to the Actions menu to open a new window that contains the content to beprinted. The print function not only prints what is visible on screen, but also information that is scrolled offthe screen.

As well as sections, you can print the contents of derived fields such as Orphan, Business EntityHierarchy, Primary Parent Hierarchy, and Computed fields.

You can print labels, sections, and enum values in the locale of the user. A header appears on every page,containing Date/Time in the locale of user.

Note: To change the time format when you print a Detail View, specify the format using the page setupfrom the Print settings for the Chrome or Microsoft Internet Explorer browsers.

The print function does not print the following types of information:

• Related Information

• Context View

• Hover help


• On Demand fields content

After printing, you return to where you were before, and in same state. For example, if you were on thesecond page of child list, you return to the second page; if you were in Read mode, you return to Readmode.

Figure 101: Sample of a Detail view ready to be printed

Sort order on Overview pagesThe information on the Overview pages is now sorted in a more usable way.

The information is sorted first by Object Type Label (ascending) and then by Object Instance name(ascending). This makes it easier to read when a level includes a mixture of objects of different types. Thesort works across languages and for non-Latin alphabets like Chinese. Previously, information was sortedonly by the Object Instance Name.

The following figure shows the sort order as it was in previous versions. The order was alphabetical byname.


Figure 102: Example of sorting in previous versions

You can compare that to the following figure, which shows an example of the new sort order. Notice howthe items under Agency Services are ordered by type and then name.


Figure 103: Example of new sorting on Overview pages

Identify individual editable fields in Filtered List ViewsYou can now configure individual fields that are editable in Filtered List Views. Previously, either all or noneof the fields were editable in Filtered List Views.

Select the profile and then the object to configure. Click Navigational Views > Filtered List View. Selector clear the Read-Only column for individual fields to determine whether they are editable in the FilteredList Views.

The following graphic shows an example of the Read-Only column on a Filtered List View.


Figure 104: Example of a Filtered List View

Mathematical equation editorYou can now add mathematical equations that support IBM OpenPages Model Risk Governance andother solutions. The equations are rendered in all views. They are also represented in Cognos reports inHTML output.

In all rich text fields you can click the new fx icon in the toolbar to open the CodeCogs Equation Editor.You can save and render equations on the screen. You can load or update them in a rich text field withObjectManager and Fastmap. You can also export them to Microsoft Excel from a Filtered List View orGrid.

The following illustration displays the equation in edit mode.


Figure 105: Equation in edit mode

The following illustration displays the completed equation.


Figure 106: Completed Equation


Calendar widgetThe calendar widget is now consistent throughout the system.

There is now one calendar widget that works the same from all end user access points. Previously, therewere two widgets. The following figure shows an example of the calendar widget:

Figure 107: Example of the calendar widget


Personalized home pageYou can now control the display and order of the panes on the My Work tab on the home page.

The My Work tab contains numerous panes with predefined lists, filtered lists, and reports that have beenset up for you by an administrator. This enhancement allows you to personalize the My Work tab to bemore specific to your role and to rearrange the panes so you can easily and quickly access what you workon every day.

Click the Configure icon next to the My Work tab name to open the Personalize My Work HomePage Portlets page. Here you can design how you want the panes to be organized. You use Show tocontrol whether panes are displayed and the arrows to determine where they appear.

Figure 108: Example of the Personalize My Work Home Page Portlets page

The changes are made immediately on the My Work tab, as show in the following example.


Figure 109: Example of the My Work tab

For more information, see the Customizing the My Work tab topic in the IBM OpenPages GRC User Guide.

API enhancementsThere are numerous enhancements to the GRC REST API.

• Enhanced query service for lock status

Added IS_LOCKED as a system field. It returns a Boolean for the GRC object. You use it to filter onobjects that are locked or to check lock status without retrieving an entire GRC object.

• Enhanced query service for counts of GRC objects

Added a COUNT function. You can now easily find how many GRC objects meet certain criteria.

• Add and update currency FX rates

Now supports the ability to add and update currency foreign exchange rates with the GRC REST API.Previously, the API only supported reading the rates.

• Notification triggered on user assignment

Added reusable, generic, out-of-the-box GRC triggers that can send users a standard format emailwhen user field values change.

• Utility to format username based on settings

Added an API to format a user name based on DISPLAY_NAME_FORMAT application text key for the localeof the user. You no longer must duplicate the username formatting logic used by the application UI.



Both end users and administrators benefit from the new features in this release.

New method for adding objects

Administrators and users can now easily add new object instances on a single page from anywhere in thesystem.

Using the Add New wizard, the users can create and save an object by entering only the minimum, mostimportant information based on the user's profile. When Auto Naming and Save as Draft are enabled,new objects can be added with only two clicks.

Where possible, the system leverages context to simplify input for the users. The users can leverage alibrary of object templates to simplify input requirements and to drive corporate standards when theycreate objects.

The Add New wizard can be used to add a row to a grid view and to add file attachments, which makes itpossible for the user to stay on the grid view and get more work done without leaving the page. The usercan associate the new object to multiple parents of different object types, eliminating the need for extranavigation and tasks in the user interface after the object is created.

A confirmation message with a hyperlink to the new object appears after the object is saved. Users canaccess the object with one click if they choose to specify additional information.

Figure 110: The Add New wizard


Field level security and data encryption

You can specify access rights and enable data encryption at the individual field level. These new securitycapabilities provide more granular control over access to data and enforce segregation of duties acrossan organization.

With the new security capabilities, a chief compliance officer can be assured that access to corporateGRC data is controlled at the required granularity, based on employees' roles, and that confidential orsensitive information is not overexposed. A business user, such as an owner, a reviewer, or an approveron a specific GRC object instance, can view and edit a set of fields, depending on his or her role and thestate of the associated object. A database administrator who performs IBM OpenPages GRC Platformbackups cannot access confidential or sensitive data. All of these benefits are achieved with minimaladministrative impact.

Field level security is enforced at all levels of the system, including the application user interface, Cognosreports, Risk APIs, data export and import (FastMap), and data load.

When you apply this type of security, the fields are rendered proactively based on the users' accessrights. Read-only fields are displayed as non-editable. The values in the inaccessible fields are displayedas Confidential for users who do not have the required access rights.

The following figure shows an example of an issue for which field level security is applied. The values inthe fields that are not accessible to the logged in user are shown as Confidential .


Figure 111: Example of an issue for which field level security is applied

Administration user interface for creating and maintaining field level security is the same as the userinterface for record level security. The same grammar rules apply for both types of security.

Administration user interface is also provided to manage the encryption keystore and to specify whichfields to encrypt.


Simplified and more intuitive user interface for selecting users and groups

Selecting users and user groups is now quicker and easier because of an improved user interface.

You can select from the list of ten recently-used users or groups that are automatically available for easyselection, or search for the required users or groups. The search results are rendered as you type.

The following figure shows an example of the new user and group selection window.


Figure 112: User and group selection window

Integration with OpenPages Capital Modeling

IBM OpenPages Capital Modeling provides tools to analyze, simulate, and quantify operational riskcapital. Together, IBM OpenPages GRC Platform and OpenPages Capital Modeling provide a completesolution for operational risk management, measurement, and mitigation that includes data elements (Loss,FIRST, Scenario, RCSA, and KRI), capital calculation, and advanced reporting.

For data analytics, this solution combines robust data analytics with statistics and scaling features toassess and analyze multiple forms of operational risk data. Multiple data sources, including internal lossdata, external loss data, and structured scenario data, can be modeled independently or together.

For capital calculation, this solution offers the following capabilities:

• Multiple methods of operational risk capital calculation, including Basic Indicator Approach® (BIA),Standardized Approaches (TSA, ASA), and Advanced Measurement Approach (AMA).

• Robust calculation engine that includes a number of frequency and severity distribution choices, a fullyintegrated curve fitting tool, and a robust Monte Carlo simulation engine to calculate aggregate loss.

• Additional advanced distributions, including Pareto distribution and inverse Gaussian distribution.

• Copula-based correlation, including Student T and Gaussian.

• IBM SPSS® R plug-in to access the statistical features of R.



Entitlement for IBM Security Directory Integrator

IBM OpenPages GRC Platform can now be easily connected to other data sources because it nowincludes an entitlement to IBM Security Directory Integrator (ISDI) version 7.1.1 for OpenPages only.

This entitlement allows to use all ISDI input and output data connectors for connection to OpenPages.

ISDI is used to extract and transform data from one system and load it into another system. It includesconnectors for a number of systems by default, and more connectors can be easily constructed. Itsupports most standard protocols, application programming interfaces (APIs), and formats, includingXML, JSON, JDBC, HTTP/REST, and web services.

ISDI can be used to feed regulatory content, benchmarking content, KRI data, IT operational system data,and so on, between other systems and OpenPages, tightly integrating OpenPages with the GRCecosystem.

The following diagram shows how ISDI is used to integrate OpenPages with data from other systems.

Figure 113: Using ISDI to integrate OpenPages with data from other systems

Control over the object parent information when exporting data

You can configure the FastMap export template to optionally include the object parent information whenyou export data in IBM OpenPages GRC Platform.

The resulting FastMap format worksheet can be used to load the objects and their associations to anothersystem that does not contain these object and association instances, but has the same configured objecttypes and associations, fields, and profiles. The data on the loaded target system will be the same as onthe source system from which the content was exported.

For more information about the new FastMap parameters, see the section about FastMap parameters forimporting and exporting data in the IBM OpenPages GRC Platform Administrator's Guide.

Enhanced usability of the home page lists

Each home page list, including predefined and configured lists, now shows the number of list items in thelist header, in parentheses.

The users know at a glance if there are additional items that do not appear in the list on the home page, orif some items in the list have been scrolled out of their view. This information is visible even when the listis collapsed. If a list has zero items, the users know that they do not need to expand the list.

The following examples show the type of information about the lists that users can see in the home page.My Open Issues (3) indicates that there are 3 items in the list and all items are displayed in the list.


Current and Future Audits (5 of 47) indicates that the list of items is truncated, where 5 correspondsto the number of visible items and 47 corresponds to the total number of items in the list. My Open AuditReview Comments(0) indicates that there are no items in the list.

Figure 114: Examples of lists with the number of items in the header

This feature is available by default; it is not configurable.

Task oriented hyperlinksYou can now add hyperlinks that point directly to views and filters in IBM OpenPages GRC Platform whereusers need to perform tasks. The hyperlinks can be added from internal or external locations, and canalso include filters.

For example, in a notification email to a risk owner, you can include a hyperlink to the Rate This RiskActivity View if the risk is ready to be rated, but a hyperlink to the Assess the Controls for Risks ActivityView if the risk controls need to be assessed. Additionally, an email to a person responsible for collectingKRI values could contain a hyperlink to the Enter KRI Values Grid View with the My KRIs with Values tobe Entered public filter applied.

This new capability allows you to create hyperlinks that are task focused and applicable to the objectlifecycle stage.

You can create hyperlinks that include the following target views:

• The Detail View for a specific object instance, in read-only mode.

• A specific activity view for an object instance.

• The Filtered List View for a specific object type with a public filter applied.


• A specific grid view for an object type with a public filter applied.

You can add hyperlinks from the following locations:

• OpenPages reports.

• Notification emails.

• OpenPages JSP helper applications.

• Within the OpenPages application, using computed fields or URL link fields.


Task focused home page

Home page filtered lists can now be made task focused.

Using new configuration settings, administrators can control the fields that are displayed, specify thedetail or activity view to be used for the Name hyperlink target, and specify the filtered list view or specificgrid view to be used for the Show All hyperlink target. This is intended to direct users to a view that isappropriate for the task for which the list was generated rather than to the generic user interface.

The following graphic shows two examples of lists, My Open Findings(2) and My Findings forReview(1). The fields and columns that are displayed in the lists are specific and appropriate for the tasksassociated with the lists. The hyperlink targets are also specific and appropriate for the task associatedwith the list.

Figure 115: Examples of task focused lists in the home page

For information about the new configuration settings, see the IBM OpenPages GRC PlatformAdministrator's Guide.


Speed improvements for administrators

The following improvements help to speed navigation in the user interface.

• Operations that involve changes to profiles are now performed much faster than before. The timesavings quickly add up especially when making multiple changes.

The time to load profiles by using ObjectManager is also greatly reduced, allowing shorter changewindows to be used for adding and enhancing profiles programmatically.

• The first two levels of folders in the Administration Settings folder hierarchy are automatically opened.


Notices

This information was developed for products and services offered in the U.S.A.

IBM may not offer the products, services, or features discussed in this document in other countries.Consult your local IBM representative for information on the products and services currently available inyour area. Any reference to an IBM product, program, or service is not intended to state or imply that onlythat IBM product, program, or service may be used. Any functionally equivalent product, program, orservice that does not infringe any IBM intellectual property right may be used instead. However, it is theuser's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.This document may describe products, services, or features that are not included in the Program orlicense entitlement that you have purchased.

IBM may have patents or pending patent applications covering subject matter described in thisdocument. The furnishing of this document does not grant you any license to these patents. You can sendlicense inquiries, in writing, to:

IBM Director of LicensingIBM CorporationNorth Castle DriveArmonk, NY 10504-1785U.S.A.

For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual PropertyDepartment in your country or send inquiries, in writing, to:

Intellectual Property LicensingLegal and Intellectual Property LawIBM Japan Ltd.19-21, Nihonbashi-Hakozakicho, Chuo-kuTokyo 103-8510, Japan

The following paragraph does not apply to the United Kingdom or any other country where suchprovisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATIONPROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS ORIMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT,MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimerof express or implied warranties in certain transactions, therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodicallymade to the information herein; these changes will be incorporated in new editions of the publication. IBMmay make improvements and/or changes in the product(s) and/or the program(s) described in thispublication at any time without notice.

Any references in this information to non-IBM Web sites are provided for convenience only and do not inany manner serve as an endorsement of those Web sites. The materials at those Web sites are not part ofthe materials for this IBM product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it believes appropriate withoutincurring any obligation to you.

Licensees of this program who wish to have information about it for the purpose of enabling: (i) theexchange of information between independently created programs and other programs (including this one)and (ii) the mutual use of the information which has been exchanged, should contact:

IBM CorporationLocation Code FT0550 King StreetLittleton, MA

01460-1250U.S.A.

Such information may be available, subject to appropriate terms and conditions, including in some cases,payment of a fee.

The licensed program described in this document and all licensed material available for it are provided byIBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or anyequivalent agreement between us.

Any performance data contained herein was determined in a controlled environment. Therefore, theresults obtained in other operating environments may vary significantly. Some measurements may havebeen made on development-level systems and there is no guarantee that these measurements will be thesame on generally available systems. Furthermore, some measurements may have been estimatedthrough extrapolation. Actual results may vary. Users of this document should verify the applicable datafor their specific environment.

Information concerning non-IBM products was obtained from the suppliers of those products, theirpublished announcements or other publicly available sources. IBM has not tested those products andcannot confirm the accuracy of performance, compatibility or any other claims related to non-IBMproducts. Questions on the capabilities of non-IBM products should be addressed to the suppliers ofthose products.

All statements regarding IBM's future direction or intent are subject to change or withdrawal withoutnotice, and represent goals and objectives only.

This information contains examples of data and reports used in daily business operations. To illustratethem as completely as possible, the examples include the names of individuals, companies, brands, andproducts. All of these names are fictitious and any similarity to the names and addresses used by anactual business enterprise is entirely coincidental.

If you are viewing this information softcopy, the photographs and color illustrations may not appear.

This Software Offering does not use cookies or other technologies to collect personally identifiableinformation.

Copyright

Licensed Materials - Property of IBM Corporation.

© Copyright IBM Corporation, 2003, 2018.

US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP ScheduleContract with IBM Corp.

This information contains sample application programs in source language, which illustrate programmingtechniques on various operating platforms. You may copy, modify, and distribute these sample programsin any form without payment to IBM, for the purposes of developing, using, marketing or distributingapplication programs conforming to the application programming interface for the operating platform forwhich the sample programs are written.

These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guaranteeor imply reliability, serviceability, or function of these programs. You may copy, modify, and distributethese sample programs in any form without payment to IBM for the purposes of developing, using,marketing, or distributing application programs conforming to IBM's application programming interfaces.

Trademarks

IBM, the IBM logo and ibm.com are trademarks or registered trademarks of International BusinessMachines Corp., registered in many jurisdictions worldwide.

118 Notices

The following terms are trademarks or registered trademarks of other companies:

• Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation inthe United States, other countries, or both.

Other product and service names might be trademarks of IBM or other companies. A current list of IBMtrademarks is available on the Web at " Copyright and trademark information " at www.ibm.com/legal/copytrade.shtml.

Notices 119

http://www.ibm.com/legal/copytrade.shtml

version 7.4.0 ibm openpages...

Documents