Skip to content

Mitigating Controls Overview

Mitigating controls are actions or business processes taken to reduce the risks introduced by users having conflicting access in a system. Mitigation is generally considered to be less desirable than remediation due to the maintenance, overhead, and traceability requirements of performing and auditing the mitigating control, but are an effective way to manage exceptions.

Examples of mitigating controls include using configurable automated system controls, such as three-way match for accounts payable, or manual procedural controls, such as a manager review.

Mitigating Controls are created at the customer level and can be applied to users across all your systems governed by Access Risk Management. These controls are then mapped to one or more risks and applied to one or more users through mapping rules.

Controls can be mapped to users at multiple levels:

  • All users for all systems
  • All users for a specific system
  • Specific users within a specific system

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.