The violation management system within 1Protection.AI is an essential component of the platform, providing administrators and users with a structured approach to identifying, tracking, and resolving security incidents. By effectively managing violations, organizations can mitigate data security risks and ensure compliance with internal and external policies.
Violation Lifecycle and States
Each violation recorded in the system can progress through various states, reflecting its current status and level of resolution. A newly detected violation enters the system in an open state, signifying that it requires attention. If no action is taken within 30 days, the violation automatically transitions to an expired state.
Administrators and users can further manage violations by moving them into different states based on investigation and remediation. Violations may be marked as pending, acknowledged, closed, or ignored, depending on the circumstances and actions taken. This lifecycle ensures that all violations are tracked until they reach a definitive outcome, preventing unresolved risks from accumulating unnoticed.
Administrator View
Administrators have full visibility into all violations across the organization, allowing them to take decisive action as needed. Each violation may consist of multiple findings, representing various instances of the same policy breach. Administrators can browse violations, filter by status, and access detailed information for each case.
Upon selecting a violation, a slide-over panel presents a comprehensive view of the findings. The panel highlights relevant text or data where the violation occurred, ensuring clarity on the specific breach. If multiple findings are associated with the violation, the interface offers seamless navigation between them.
Administrators are equipped with a suite of standard actions applicable to all violations. They can notify users, prompting feedback or clarification; mark violations as false positives when appropriate; acknowledge the violation to signify awareness; or choose to ignore it if further action is unnecessary. Depending on the integration with external tools, additional actions such as deleting or redacting the findings may also be available. These options enable administrators to interact directly with the integration, addressing violations at their source.
User View
For users, the violation management experience is tailored to focus exclusively on their personal data. Users can view their own violations, track their statuses, and engage in the resolution process as needed. This level of transparency promotes responsibility and encourages users to participate in maintaining data security.
Similar to the administrator view, users can click into any violation to reveal detailed information, including the time of detection, the integration involved, and the specific violation policy and detection rule that triggered the alert. Any actions taken by the user are clearly displayed, reinforcing accountability and providing a comprehensive audit trail.
Collaborative Features and Comments
A key aspect of the violation system is the ability for both administrators and users to add comments to violations. This collaborative feature facilitates clear communication, allowing relevant parties to document findings, discuss resolution strategies, and ensure transparency throughout the remediation process.
Visual Representation of Violations
When viewing the details of a violation, the scanned text or data containing the breach is visibly marked, making it easy to identify the source of the issue. If multiple findings are present, users can navigate through them efficiently, ensuring that no aspect of the violation is overlooked.
By providing a detailed and structured approach to violation management, the 1Protection.AI platform ensures that organizations can address security incidents swiftly and effectively, minimizing potential risks and fostering a proactive data protection environment.