This section provides orientation on how to configure the system so that risk and compliance projects and authoritative documents will be considered obsolete after a certain number of days, after which they can be permanently deleted from the system. It also explains how to configure time limits for vulnerability occurrences (associations between assets and vulnerabilities) to expire or be deleted, as well as how to set a deadline for notifications from the Home module to become obsolete and be deleted.
For risk and compliance projects that are no longer needed, only cancelled or closed projects will be considered, with the countdown starting from the date they were closed or cancelled. The countdown for authoritative documents begins with the date a version was published.
In addition to setting a number of days for obsolescence, you can also configure the frequency with which notifications will be sent when these projects or documents become obsolete. These notifications are displayed in the Notifications section of the Home module and can also be sent via e-mail. The message template used to send e-mail notifications can be customized or disabled in the Message Templates section of this module.
If this feature is enabled, obsolete projects and authoritative documents are listed in the Risk, Compliance, and Knowledge modules, respectively, where you can decide whether to keep or delete them from the system. If deleted, any analysis data from the projects will no longer be displayed in dashboards, reports, and queries. When a version of an authoritative document is deleted, any cross-references, mappings, and published surveys associated with the version of the obsolete document will also be deleted. If a compliance survey is associated with requirements from more than one authoritative document, only the associations with the version of the obsolete document will be deleted. Also note that an authoritative document being analyzed in a project will not be considered obsolete until the project is deleted and only if it is not being analyzed in another existing projects.
Once the configured expiration time for vulnerability occurrences has passed, these occurrences will no longer be associated with assets in the Organization module and, when processed in new risk projects, the Risk Score will not be calculated for them. If this expiration time is increased, the vulnerability occurrences that had previously expired will again be associated with their related assets, and the countdown for them to expire again (within the new time limit) will begin from the date on which they were registered.
In addition to the expiration of vulnerability occurrences, you can also enable obsolescence and set a number of days after which the occurrences will be deleted. It is important to note that the deletion applies only to vulnerability occurrences, that is, the associations between the vulnerabilities and the assets in which they were detected. This means that the vulnerabilities were no longer found in the assets where they were previously identified, probably because they were treated. The vulnerabilities will continue to be listed in the Catalogue of Vulnerability in the Knowledge Module.
Keep in mind that if vulnerabilities are analyzed in a risk project and their occurrences are later deleted, they will still be displayed in existing projects and their metrics will be considered. Note that all vulnerabilities will remain registered in the system, even after their occurrences have expired or been deleted. In addition, their associations with treatment events will always remain.
Lastly, you can set the number of days after which notifications displayed in the Home module will be considered obsolete and automatically deleted from the system.
For details on viewing and deleting obsolete projects and documents, see Chapter 5: Risk -> Risk Management Projects -> Viewing and Deleting Obsolete Risk Projects, Chapter 6: Compliance -> Compliance Projects -> Viewing and Deleting Obsolete Compliance Projects, and Chapter 8: Knowledge -> Compliance Knowledge -> Obsolete Authoritative Documents. For details on the catalogue of vulnerabilities, see Chapter 8: Knowledge -> Risk Knowledge -> Catalogue of Vulnerabilities. For information on notifications, see Chapter 17: Administration -> Customizations -> Message Templates.