Approvals¶

The My Approvals Page displays all items currently awaiting your approval. If you are designated as a change approver, access approver, or vulnerability deviation approver within your organization, pending items will appear here for your review.

Use the approve or reject buttons to respond to each request.

Approval Types¶

The following request types may appear on your approvals page depending on your role:

• Change Request Approvals - proposed changes to systems within the authorization boundary, including configuration changes, deployments, and maintenance activities
• User Access Request Approvals - requests for new user onboarding, offboarding, or access modifications including privileged access changes
• Vulnerability Deviation Request Approvals - requests to accept, defer, or document risk for identified vulnerabilities that cannot be remediated within standard timeframes

Approval Workflow¶

By default, approval requests follow a two-stage workflow before reaching your approvals page:

1. Change Advise Board (CAB) Review - agents and technicians within the GRC-ITSM platform first review and approve the request from the technical side, ensuring it meets compliance and security requirements
2. Organizational Approval - once the CAB has approved, the request is forwarded to the designated end user within your organization who holds the appropriate approval role (Change Approver, Access Approver, or Deviation Approver) for final sign-off

This workflow allows organizational management to review and authorize changes, access requests, and vulnerability deviations directly through the self-service portal, without needing agent or technician access to the platform. Approval processes are highly customizable to suit your organization's needs.