Record of Processing Activities (ROPA)
      Back to home
      1. Knowledge Base
      2. Record of Processing Activities (ROPA)

      Record of Processing Activities (ROPA)

      Introduction

      This article comprehensively overviews the recently introduced Record of Processing Activities (ROPA) feature on the OvalEdge platform.

      This feature is available from Release6.1.1 onwards.

      What is ROPA?

      A Record of Processing Activities (ROPA) is a critical record-keeping module outlining an organization's data processing activities, including collecting, processing, and using personal data. It enables organizations to evaluate their data processing activities, identify potential risks to data privacy, and implement appropriate risk management measures. Regulatory bodies use ROPA to ensure that GDPR compliance is met and that personal data is protected. ROPA plays a pivotal role in demonstrating an organization's commitment to data privacy and GDPR compliance.

      How Does OvalEdge Maintain ROPA ?

      OvalEdge offers a user-friendly solution for organizations to track, monitor, and report their compliance with the Record of Processing Activities (ROPA). The OvalEdge UI-driven system allows multiple departments handling Personal Identifiable Information (PII) data to report their processing activities centrally and on an ongoing basis.

      The OvalEdge platform allows for editing details of processing activities and enables compliance team members to collaborate with processors and controllers of different processing activities to collect information promptly.

      Our system generates ROPA  reports for different periods, and ensures approvals from different stakeholders before finalizing reports. The approved reports are stored in a repository for future reference. OvalEdge supports reminders for processing activities to ensure timely validation and updates. Our solution ensures that organizations can easily maintain GDPR compliance by providing a simple, centralized platform for monitoring and reporting data processing activities.

      Prerequisites

      To configure the settings for globalsearch to work, follow these steps:

      1. Navigate to Administration → System Settings.
      2. Click on the "Others" tab.
      3. Configure System Setting 1: Search for the key column "oe.globalsearch.searchorder". This configuration determines the sort order in the global search. Enter the parameter value as "ALL,glossary,oetable,oetag,oeschema,oecolumn,oefile,oefilecolumn,oechart,chartchild,oestory,oequery,project,servicedesk,comment,processingactivity,ropareport"
      4. Configure System Setting 2: Search for the key column "globalsearch.es.objecttabs.display". This configuration controls the visibility of object tabs in the global search. Set the parameter value as "ALL,glossary,oetable,oetag,oeschema,oecolumn,oefile,oefilecolumn,oechart,chartchild,oestory,oequery,project,servicedesk,processingactivity,ropareport".
      5. Configure Advanced Jobs: Navigate to Administration → Advanced Jobs. Search for “Advance Job for Indexing Existing Data into Global search" in the Name column.  Edit Attribute1 and add "processingactivity,ropareport". Click on the Update button to save the changes.

      GDPR ROPA 

      GDPR ROPA  stands for General Data Protection Regulation (GDPR) Record of Processing Activities. It refers to the requirement under GDPR for organizations to maintain a detailed and up-to-date record of their data processing activities. It enables the documentation and tracking of processing activities specifically related to Personal Identifiable Information (PII), ensuring compliance with data protection regulations and protecting individual privacy. OvalEdge ROPA  comprises two main components:

      • Processing Activities: Capture and document the various operations performed on personal data, including collection, storage, retrieval, use, disclosure, alteration, and deletion.
      • Reports: Generate comprehensive reports that consolidate the recorded processing activities. These reports provide an overview of data handling practices, data flows, data subject rights, security measures, and compliance status.

      Processing Activities 

      Processing activities refer to operations and actions performed on data that can directly or indirectly identify an individual. These activities involve the collection, storage, retrieval, use, disclosure, alteration, or deletion of PII within an organization.

      • Status of Processing Activity (PA): The user can change the status of the Processing Activity by clicking on the edit icon beside the associated PA's status column.
        • A status bar is displayed at the top of the Processing Activity page to summarize all the activities.
        • The status of PA is also color-coded for easy understanding.
          • New
          • Open
          • Closed
        • By hovering over the status bar located at the top of the page, a summary of all the current processing activities (PAs) is displayed.
        • Users can also view the history of the status changes that were performed on the respective PA.
      • Editing a Processing Activity (PA): Modification of an existing PA can be performed either from the PA details page or from the individual PA Summary page using the Nine Dots menu.
      • Downloading a Processing Activity (PA): Users can download a PA by using the download icon at the bottom right of the Processing Activities page in the list view.

      Steps to Create a Processing Activity in OvalEdge

      Follow the steps below in the same order to create a ROPA  in OvalEdge.

      • Login to OvalEdge Application, navigate to Governance Catalog > Compliance > GDPR ROPA , and click on the +” icon. The Add Processing Activity pop-up is displayed.
      • The Add Processing Activity consists of a few self-explanatory fields allowing the user to add a Processing Activity.
      • Before moving to the next step, the user must fill out the following mandatory fields:
        • Processing Activity Name
        • Group
        • Division (Select the “Group” before selecting this option)
        • Processor
        • Controller
        • Automated Decision Making
        • Start & End Date
        Note: Terms have to be configured for Processing Activity to generate a ROPA  report.

      Processing Activity (PA) Summary

      The processing activity summary in GDPR ROPA  provides a comprehensive snapshot of essential information related to the processing activity and associated data objects. It encompasses the activity description, custom fields, PII terms, data subject categories, top users' engagement, update history, and important dates like creation and modification. This summary offers a concise overview of the key details of the processing activity.

      Configure PII Terms for PA

      Adding/Modifying terms can be performed either from the summary page of the associated PA or using the Nine Dots menu. Users can add or remove multiple terms at once.

      On the summary page of processing activity (PA), if two or more terms belonging to the same domain are added, the Data Subject Categories will be displayed with unique  domain values of all the terms displayed. This is done instead of showing a list of all the terms added.

      Example: As shown below, The terms “Age” and “Company Name” are added to the PA. Instead of displaying both the terms, “PIL Sensitive Personal Information” is displayed as the data subject categories.

      How to create a Domain and configure Categories?

      To create a Domain, users need to navigate to the Administration > System Settings > Domain tab and click on the ‘+’ icon and fill in the necessary fields.

      R1-1Upon creating a domain, users can check the box associated with the newly created domain, and using the Nine Dots menu the categories can be configured.

      R2As mentioned above, for the PII information to be available in the downloaded report, the categories should be named as the following.

      • Indirect Personal Information
      • Direct Personal Information
      • Sensitive Personal Information by Nature
      • Sensitive Personal Information by Law

      Adding Custom Fields for PA

      In ROPA,  users can create custom fields for PA by navigating to Administration > Custom Fields and selecting the associated object type from the drop-down as shown below. 

      R3Note: Unless the status of PA is closed, users have the ability to edit the custom fields of any PA.

      History for ROPA  PA

      The history section provides a comprehensive overview of all the audit activities conducted on a Processing Activity (PA). It includes information about the creation and modifications made. Additionally, it captures any changes made within  PA since the time of creation.

      This history log allows for easy tracking and monitoring of all the changes and actions performed on the PA, providing transparency and accountability in the auditing process. Users have the option to sort the history either by the oldest or newest entries.

      Top Users

      Top Users displays the number of active users who viewed, commented, and collaborated on activity.

      Processing Activity: Nine Dots Options

      The Nine Dots menu enables users to perform specific actions on the processing activity. Within this menu, users can edit the details of the existing PA,  update governance roles, and configure search keywords for easier access to a particular PA.

      Editing a Processing Activity (PA)

      Modification of an existing PA can be performed using the Nine Dots menu.

      Update Governance Roles

      Using the Update Governance Roles feature, users can add or update governance roles, such as Owner, Steward, Custodian, and other custom roles (if configured). These roles can be assigned to members by selecting them from a drop-down list. As a result of this feature, the Processing Activities have designated individuals who are responsible for governing them and can serve as the points of contact in case of questions.

      Configure Search Keywords

      Configure Search Keywords are specifically added to Processing Activities to enhance their discoverability and accessibility for users. These keywords streamline the process of locating relevant data within the application. A score is assigned to each keyword created and voted on. Any keyword configured by the admin is recorded as 3. A minimum score of 3 points is required for keywords to be considered for Global Search, which ensures data stories associated with configured keywords are displayed more prominently.

      A minimum score of 3 points is required for keywords to be considered for Global Search, which ensures data stories associated with configured keywords are displayed more prominently.

      To configure keywords:

      1. On the Processing Activity detailed page, navigate to the nine-dot menu and click the Configure Search Keywords option from the list. A Configure Search Keywords pop-up is displayed.
      2. Click on Add Keyword.
      3. Enter the keyword in the field.
      4. Click on Save, and the keyword is added to the Search Keyword grid.

        Note:
        1. Users can enable/disable a search keyword using the toggle.
        2. Users can delete a search keyword using the delete icon.

      Collaboration Messages

      The Collaboration feature within OvalEdge allows users to communicate and collaborate easily with one another. Users can tag specific individuals or teams in the message using the @ annotation to ensure the right people are notified and can access the message. This feature supports various types of media, including images, URLs, links, and more, providing additional context and information.

      Associated Data for Processing Activity

      The Associated Data section within OvalEdge presents various data objects, including Databases, Tables, Table Columns, Files, File Columns, Reports, Report Columns, and Codes. These objects are associated with the configured PII Terms in the Processing Activity. When the same PII Term is linked to data objects such as schema, tables, table columns, etc., those objects are displayed in respective tabs categorized by the Term name.

      Users can easily navigate to the corresponding data object, view its summary, and access the business glossary term summary by clicking on the term name. Each Object Type tab provides a count of data objects associated with the current term, including Databases, Tables, Table Columns, Files, File Columns, Reports, and Codes.

      The grid offers detailed information about data objects based on the selected object type.

      For example:

      Suppose there is a PII Term called "Email Address" configured in the Processing Activity. If the "Email Address" term is associated with a table column named "User_Email" in the "User" table and a report column named "Contact_Email" in a report, these objects will be displayed in their respective tabs under the "Email Address" term.

      In this scenario, users can navigate to the "User_Email" table column or the "Contact_Email" report column, view their summaries, and access the business glossary term summary by clicking on the "Email Address" term. The "Table Columns" tab will show the count of table columns associated with the "Email Address" term, including the "User_Email" column. Similarly, the "Report Columns" tab will display the count of report columns associated with the term.

      ROPA  Reports 

      OvalEdge's ROPA  Reports offer a comprehensive record of an organization's data processing activities, encompassing activity details, data flows, legal basis, data security measures, data retention, risk assessments, and compliance status. These reports provide a consolidated overview of the organization's processing activities.

      How to Generate a ROPA  Report?

      A dedicated tab is provided on the GDPR ROPA  page for creating and viewing the reports tab

      1. Clicking on the “+” icon to the top right will open a pop-up to add a report.
      2. After filling in the mandatory fields, the user can check the box “Add Processing Activity” to create a “PA along with the Report.
        1. These Processing activities will be picked including (all Active Processing Activities) the start date and the end date.
        2. If there are any unwanted PAs under a report. The user has the option to Modify/Delete as shown in the image below.

      How to Edit a ROPA  Report?

      Modification to the existing Reports can be performed using the Nine Dots menu.

      • If the "From date" and "To date" of processing activity (PA) fall outside of the specified report timeline, a red icon will appear next to the PA. Conversely, a green icon will be displayed next to the PA if the "From date" and "To date" fall within the report timeline.
      • If the user selects the option to "Remove all processing activities not matching the duration from the report" and a processing activity (PA) that is not active within the date range specified by the "From date" and "To date," then that PA will be removed from the report.
        Example: If the "From date" of January 1, 2023, and the "To date" of January 31, 2023, are specified for the report, then the processing activities (PAs) that are active during this period will be displayed in the report.
        By hovering over the status bar located at the top of the page, a summary of all the current Reports is displayed. 

      How To Download a Report?

      Users can download a report by using the download icon at the bottom right of the Reports page in the list view or using the Nine Dots menu. 

      The report is downloaded in a predefined template in “.xlsx” format and has two sheets where the first sheet has the Report summary and the second sheet has a template of ROPA  which includes all mandatory information in-line with GDPR.

      In the second sheet, There are multiple columns that are predefined and the “Personal Data” column displays the terms relating to the PII.

      The categories under Personal Data should match the categories in the Business Glossary and only then will it display the information relating to those specific terms. The categories are listed below

      • Indirect Personal Information
      • Direct Personal Information
      • Sensitive Personal Information by Nature
      • Sensitive Personal Information by Law

      Upon choosing the download option for a job, users will be notified in the notifications tab once the download is ready. They can access the system alerts to download the report. It is important to note that only one report can be downloaded at a time.

      Note: If the categories are not already available then the user is required to create these categories in their environment to generate ROPA -specific reports.

       

      Adding Custom Fields for Reports

      In ROPA  users can create custom fields for Reports by navigating to Administration > Custom Fields and selecting the associated object type from the drop-down as shown below. 

      R4Note: Unless the status is closed, users have the ability to edit the custom fields of any Reports.

      Report Summary 

      The report summary in GDPR ROPA  offers a comprehensive snapshot of essential information regarding processing activities and associated data objects. It includes the activity description, custom fields, top users' engagement, and update history. This summary provides a concise overview of the report key details.

      History for ROPA  Report

      The history section provides a comprehensive overview of all the audit activities conducted on Reports. It includes information about the creation and modifications made. Additionally, it captures any changes made within Reports since the time of creation.

      This history log allows for easy tracking and monitoring of all the changes and actions performed on the Reports, providing transparency and accountability in the auditing process. Users have the option to sort the history either by the oldest or newest entries.

      Top Users

      Top Users displays the number of active users who viewed, commented, and collaborated on activity.

      ROPA  Reports Nine Dots Options

      The Nine Dots menu enables users to perform specific actions on the ROPA  Report. Within this menu, users can edit the details of the existing ROPA  Report, update governance roles, and configure search keywords for easier access to a particular ROPA  Report.

      Editing a ROPA  Report

      Modification of an existing ROPA  Report can be performed using the Nine Dots menu.

      Editing Processing Activities under a ROPA  Report

      Users have the flexibility to add or remove the processing activities after a ROPA  report is generated. Additionally, if the From date and To date of processing activity (PA) fall outside of the specified report timeline, a red icon will appear next to the PA. Conversely, a green icon will be displayed next to the PA if the From date and To date fall within the report timeline. Here users can go and delete the unnecessary PAs if they are invalid and marked as red dots.

      If the user checks the box “Remove all processing activities not matching the duration from the report” while editing the report timeline, all the reports that fall outside the selected timeline will not be displayed to the user.

      Delete ROPA  Report

      Users have multiple ways to delete reports. Users can access the 

      Governance Catalog > Compliance > GDPR ROPA > Reports and select the desired report they wish to delete. To initiate the deletion process, they can then access the nine-dot menu and choose Delete Report.

      Alternatively, users can opt to directly navigate to the Summary Page of the specific report they want to delete. On the summary page, they can simply click on the nine-dot menu and select Delete Report to initiate the deletion process for that particular report.

      Update Governance Roles

      Using the Update Governance Roles feature, users can add or update governance roles, such as Owner, Steward, Custodian, and other custom roles (if configured). These roles can be assigned to members by selecting them from a dropdown list. As a result of this feature, the Reports have designated individuals who are responsible for governing them and can serve as contact points in case of questions.

      Download ROPA  Report

      Users can download a report by using the download icon at the bottom right of the Reports Summary page or using the Nine Dots menu. 

      Configure Search Keywords

      Configure Search Keywords are specifically added to ROPA  to enhance their discoverability and accessibility for users. These keywords streamline the process of locating relevant data within the application.  

      A score is assigned to each keyword created and voted on

      Any keyword configured by the admin is recorded as 3. 

      To configure keywords,

      1. In the ROPA  Report detailed page, navigate to the nine-dots menu and click the Configure Search Keywords option from the list. A Configure Search Keywords pop-up is displayed.
      2. Click on Add Keyword
      3. Enter the keyword in the field.
      4. Click on Save and the keyword is added to the Search Keyword grid.
      5. Search keywords with a minimum score of 3 are considered for the Global Search to find and locate the objects.

        Note:
        1. Users can enable/disable a search keyword using the toggle
        2. Users can delete a search keyword using the delete icon

      Associated Data for ROPA  Reports

      The Associated Data presents various data objects, including Databases, Tables, Table Columns, Files, File Columns, Reports, Report Columns, and Codes. When a Processing Activity is linked with a ROPA  Report and the Processing activities are configured with a PII Term, the data objects associated with the same PII Term, such as schema, tables, table columns, etc., are displayed in respective tabs categorized by the Term name.

      Users can easily navigate to the corresponding data object, view its summary, and access the business glossary term summary by clicking on the term name. Each Object Type tab provides a count of data objects associated with the current term, including Databases, Tables, Table Columns, Files, File Columns, Reports, and Codes.

      The grid offers detailed information about data objects based on the selected object type.

      Watchlist for ROPA 

      You have the ability as a ROPA  user to receive notifications regarding actions performed on specific ROPA  Processing Activities and Reports. To enable this feature, you need to add the desired Processing Activity or Report to your watchlists. Once added, these activities and reports will be displayed on your Watchlist, ensuring convenient access and timely notifications.

      Users can check the notifications in the Notifications module under Watchlist.

      Global Search for ROPA 

      Users in OvalEdge can use the global search feature to easily find specific ROPA  Processing Activities or Reports. The feature allows them to apply filters and search at a granular level, making it simple to locate the information they need.

      Users can see different tabs for ROPA  processing activities and Reports, as well as a variety of filters on the left panel menu.

      Security for ROPA 

      Enable Role-Based Access

      To restrict access to any specific section of ROPA , users can follow these steps:

      1. Navigate to the Administration menu and select "Security" followed by "Applications".

      2. Within the Applications section, search for ROPA  as the application name.

      3. Users can enable/disable role-based access using the toggle button and users can also manually add and remove roles to access specific pages in the ROPA  application.

        R5

      Enable Governance Roles Access

      In ROPA , users have the option to customize governance roles for PA and Reports. To access this feature, users need to go to the administration section, click on "Security," and then select the "Governance Roles" tab. Within this tab, users can choose specific governance roles related to compliance.

      Furthermore, users have the flexibility to modify labels, add label descriptions, and decide which governance roles should be visible in ROPA .

      R6

      Enable License based access

      ROPA ’s  processing activities or reports can be viewed based on the license type irrespective of their role. To enable this access for Viewers to GDPR ROPA , users can navigate to Administration through the left panel menu and select the Security option. Within the security settings, access the Application Security tab. In this page, search for Application name ROPA . Users have a toggle button to enable/disable ROPA  access based on the Viewer licenses.

      Note: Users will be able to view or access ROPA  if they have the required access to Governance Catalog in application security. However, if users have to contribute or make user actions on a Processing Activities or reports they need to enable system settings as shown below.

      System Settings ROPA  Contributors

      Within the administration tab, specifically in the system settings section, there is a dedicated tab for ROPA  contributors. This configuration allows users to add, modify, or delete a PA or a Report within ROPA . Users with an author license will possess the necessary permissions to actively contribute to ROPA .

      R7

      Audit on Terms

      Users can audit the updated changes at the terms level by going to Audit Trails, selecting Governance Catalog, and then clicking on Terms. For a visual guide, please refer to the screenshot below.

      Security Classification

      To understand the security classification applied to different terms, Users can navigate to the Governance Catalog > Data Classification. On that screen, users have an option to select available classifications from the desired domain drop-down by clicking on the appropriate option located in the right corner. By doing so, the system will present the tags associated with the term, providing information about its security classification and relevant tags. 

      Connector Health

      The OvalEdge application enables users to get notified when the data source/platform loses connection with OvalEdge. Users can utilize the connectors screen to send notifications to the relevant platform owners. Additionally, the system can retrieve the necessary data from Audit Trails > Connectors to generate reports on the security tagging of each data resource and display it accordingly.

      Service Desk for ROPA 

      Configuring pre-defined templates

      Users will have the option to select predefined ROPA  templates from Administration > Service Desk Templates. In the list, users can search to find the specific template they are looking for:

      1. ROPA  Processing Activity Approval
      2. ROPA  Report Approval

      Users can select it to view the details and configure any necessary settings or fields associated with the template.

      Editing ROPA  Service Request Templates

      Configuring Approval Workflow

      To associate an Approval Workflow with a ROPA  template, you have the flexibility to configure an existing workflow or create a new workflow based on your specific requirements. Additionally, users can define the Service Level Agreement (SLA) and choose between automatic or manual fulfillment modes.

      To create a new approval workflow for the template, follow these steps:

      1. In the Approval Workflow settings of the template, select the option to create a New Workflow.

      2. Provide a name and description for the workflow in the designated fields.

      3. Add the users, teams, or approvers for each workflow level based on your requirements.

      4. For multiple levels of approval, such as First, Second, Third Approvers, click on the "+Add New Approver" button to configure approvers at each level.

      5. Repeat the process to add additional levels of approvers as needed.

      6. Configure the Final Approver, who will be the last approver in the workflow.

      Setting SLA and Fulfillment Mode:

      1. Within the Approval Workflow settings for the template, locate the SLA configuration.

      2. Specify the desired service level agreement (SLA) parameters, such as response time or completion time. - The SLA checkbox triggers advanced notifications to approvers. This ensures requests are not missed and leads to timely and efficient processing, improving overall efficiency and accountability. The SLA checkbox enables users to set specific timeframes for the approval process and ensure approvers meet designated response times to prevent delays or overlooked requests.

      3. Select the fulfillment mode from the drop-down options. 

      4. Save the workflow settings once all the desired approvers and levels have been defined.

      Existing Approval Workflow

      Users can utilize the predefined workflow with configured approvers to raise service requests efficiently.

      Active/Inactive Templates

      • Active Templates: These are templates that are currently enabled and available for use. Users can select active templates when raising service requests.

      • Inactive Templates: These are templates that are currently disabled and not available for use. Users cannot select inactive templates when creating service requests.  

      Users can locate the "Active" option by clicking on the nine dots icon associated with the template. The nine dots icon provides additional actions and settings for the template, including the ability to mark it as active or inactive.

      Publishing a Template

      By default, a newly created template will be in draft status. To make the template available for use, users can click on the nine dots icon associated with the template and select the "Publish" option. Once published, the template becomes visible and accessible to users in the service request creation process. Users can select and utilize published templates when raising service requests. On the other hand, unpublished templates are not visible or selectable during the creation of service requests. 

      Note: It is important to note that while users can set templates as inactive, they cannot delete or revert the system defined templates back to draft status.

      Raising a ROPA  Processing Activity Approval

      Purpose: This request is raised for obtaining approval for ROPA  processing activities.

      1. To navigate to the Service Desk page, simply click on the Service Request icon located in the header menu.
      2. Click on the New Service Request button enabled in the top right corner of the screen.
      3. Select the ROPA  Processing Activity Approval from the drop-down list.
      4. Click the Continue button to proceed to the next step.
      5. A New Service Request Template pop-up appears on the screen containing pre-populated fields. Edit the detail fields as required. Please ensure that all mandatory fields are entered in order to submit the request successfully.
        1. Summary: Edit the details fields as necessary.
        2. Description: Enter the request details.
        3. Priority: Select priority for the request.
        4. Select ROPA  Processing Activity: The field is non-editable and shows the activities that have been selected.
      6. Please refer to the right side of the window to find the approval workflow details displaying the individuals responsible for approving/rejecting the request. Click button when completed.
      7. The system now generates a service request ID, which can be opened to view the details of the service request.

      Raising a ROPA  Report Approval

      Purpose: This request is for obtaining approval for ROPA  reports.

      1. To navigate to the Service Desk page, simply click on the Service Request icon located in the header menu.
      2. Click on the New Service Request button enabled in the top right corner of the screen.
      3. Select ROPA  Report(s) from the drop-down list.
      4. Click the Continue button to proceed to the next step.
      5. A New Service Request Template pop-up appears on the screen containing pre-populated fields. Edit the detail fields as required. Please ensure that all mandatory fields are entered in order to submit the request successfully.
        1. Summary: Edit the details fields as necessary.
        2. Description: Enter the request details.
        3. Priority: Select priority for the request.
        4. Select ROPA  Report: The field is non-editable and shows the activities that have been selected.
      6. Please refer to the right side of the window to find the approval workflow details displaying the individuals responsible for approving/rejecting the request. Click button when completed.
      7. The system now generates a service request ID, which can be opened to view the details of the service request.

      Status Progression for Raised ROPA  Requests

      Sample Process Flow for service desk

      The raised ROPA  requests can be viewed from the Service Desk module from the left menu panel. Under the ‘My Requests’ tab, you will be able to see the raised requests.  Selecting a specific request will direct you to its Summary page, where comprehensive details of the request raised are displayed, including the request status.

      • Note 1: Viewer License users cannot raise a service request and do not have the ability to perform any actions related to ticket statuses.

      The service request can have different statuses, including:

      R8

      1. New: It indicates that the request is in its initial stage and has not undergone substantial processing or evaluation yet. The request is new and awaits further action.

      2. Request to Publish: This status empowers users to initiate the process of making a ROPA report or process activity available, thereby triggering the subsequent approval from the configured approvers. 

        R9
      3. Pending Approval: This indicates that the request is currently being evaluated and reviewed by the assigned approvers.
        R10

      4. Fulfillment successful (Published): Once the request receives approval from the configured approvers, a fulfillment job is run in the background and once request is fulfilled, the status is changed to ‘Fulfillment successful’ i.e., "Published" status. Users check the ‘Mark the status as closed’ checkbox to move the ticket status to ‘Closed’.

        R11R12

      5. New (if rejected): If the request is rejected by the approvers, it reverts back to the "New" status. This indicates that the request needs to be reviewed or modified before resubmission.

        Notes: Comments should be added whenever a service request is approved or rejected to provide additional context and information regarding the decision.

        R13

      To summarize, the status of a service request progresses from "New" to "Under Process" during the approval process. Upon approval, it transitions to the "Published" status. If rejected, the request returns to the "New" status, prompting the need for further review or adjustments.

      Note: Only Processors or Controllers configured in the workflow have the authority to approve or reject a request based on the established workflow configuration.  It is crucial to understand that users who are not designated as the processor or controller for a processing activity or reports will have the "Approve" and "Reject" buttons grayed out. Consequently, they do not possess the capability to approve or reject a request.

      R14

      Here is a tabular format representing the ticket statuses and actions for different user licenses in OvalEdge:

      Ticket Status 

      Author users 

      Viewers

      New 

      Request to Publish

      Pending Approval

      Resolved (If Approved)

      Fulfillment Successful (Published)

      Mark this ticket as closed - Closed 

      Reopen (If Rejected)

      Reopened 

      Copyright © 2023, OvalEdge LLC, Peachtree Corners, GA USA