In order to have meaningful SLAs for NormShield built-in ticketing process, take ownership flow has been implemented as shown in the following flow chart and conditions.
Before starting SLA day, it is important to find real owner of the vulnerability, so we implemented a sub-process called take ownership before starting actual SLA. It is customizable to activate it or not.
- Only users can perform take ownership
- Reminder mails are only sent to the vulnerability assignees
- For users: with their one-level manager
- For groups: to group email address if mail is not exists; every member in the group
- Escalated reminder mails are sent to both vulnerability assignee and his/her level-1 and level-2 managers.
- A take ownershipped tickets can only be transferred by a level-2 manager
- Managers are sent ticket status weekly digest reports of their subordinates
- Take ownership due date is adjustable and in terms work days