Marking Findings as Accepted in SAFE


Introduction

SAFE allows customers to accept the risk associated with specific findings. This feature is useful when organizations have justified business or technical reasons not to remediate a particular finding — such as compensating controls, business dependencies, or false positives.

Accept Findings is currently available only for first-party findings. Support for accepting third-party findings is not available yet.

What is "Mark as Accepted"?

Mark as Accepted is an action that lets you:

  • Acknowledge the presence of a finding

  • Exclude it from SAFE’s risk scoring (depending on the acceptance reason)

  • Document the business rationale behind the acceptance


Functional Capabilities

  • Acceptance Reason: When accepting a finding, you must select a reason from one of the predefined categories:

    • Compensating Controls - Excluded from risk calculation

    • False Positive - Excluded from risk calculation

    • Won’t Fix - Included in risk calculation

    This ensures clarity on why a risk was accepted and helps in downstream reporting and risk governance.

  • Expiry Date: You can optionally set an expiry date while marking a finding as accepted. Once expired, the finding automatically reverts to active. This keeps risks that should be re-evaluated periodically from being overlooked long term.

  • Mandatory Rationale

    • A short explanation must be provided when accepting a finding.

    • The rationale is visible on the Findings page for transparency and auditability.

  • Global Acceptance Option

    • You can accept the finding globally — i.e., across all groups in the organization.

  • Accepting Findings in Bulk: On the Findings page, you can select multiple findings and accept them together.

  • View Accepted Findings

    • Navigate to the Accepted Findings tab or filter to quickly review all accepted findings, reasons, and expiry.

  • Reset Status (Unaccept)

    • You can reverse the action by selecting “Reset Status”, which returns the finding to its original (active) state.


Note

If a finding is accepted for all groups, using “Reset Status” will unaccept it across all groups.

Impact on Scoring

  • Findings marked as Compensating Controls or False Positive are excluded from SAFE’s scoring engine and treated as Not Applicable (NA).

  • Findings marked as Won’t Fix remain included in scoring to reflect residual risk.

Accept a Finding

To Accept a Single Finding:

  1. Navigate to Finding Center.

  2. Click on any finding to open its details page.

  3. Click the “Mark as Accepted” button.

  4. Select a reason.

  5. [Optional] Set an expiry.

  6. Enter a rationale.

  7. [Optional] Mark the “Apply for all groups” checkbox to accept it globally.

  8. Click Submit.

To Accept Findings in Bulk:

  1. On the Findings List page, select one or more findings using the checkboxes.

  2. Click the three-dot options menu in the top-right.

  3. Click the Accept Findings button.

  4. Select the reason, expiry, and rationale (applies to all selected findings).

  5. Optionally select “Apply for all groups”.

  6. Click Submit.
