How to Create an Approval Process/Workflow for your Risks?

In the quality management and document control world, the term “approval workflow” is a common one (see WHAT IS DOCUMENT CONTROL?), and its purpose is well known to anybody working in regulated domains. The same “approval workflow” model can also be applied to Jira issues, and even to Risks. Here we explain how to implement such a workflow.

In Jira everything relies on a workflow, i.e. you first need to design one (see Working with workflows by Atlassian). A workflow consists of a number of statuses and transitions, of which the transitions are the crucial part.

A status represents the state of an issue at a specific point in your workflow. 

A transition is a link between two statuses that enables an issue to move from one status to another. In order for an issue to move between two statuses, a transition must exist. 

A transition is a one-way link, so if an issue needs to move back and forth between two statuses, two transitions need to be created. The available workflow transitions for an issue are listed in the View issue screen.

You can customise several aspects of a transition, e.g. conditions, validators, etc. To build an approval workflow you need to be familiar with conditions, validators and post functions.

As a Jira administrator, you can control the following aspects of a workflow transition.

  • Conditions – check that a transition should be performed by the user.

  • Validators – check that any input to the transition (for example, by a user) is valid, before the transition is performed.

  • Post functions – carry out additional processing, after a transition is performed.

Conditions

Conditions are needed to check whether the user has permission to approve something, or to submit something for approval. Conditions are tied to your Risk project roles and/or user groups and to project permissions. For example, you can define a project role “QA Manager” and give special permissions to this role only.

As you can see there are different options to select from for the necessary group/role/permissions.

Validators

Validators help you check that all the fields are filled in as you need. Ideally the approval process is fully automated, and validators are where you automate the check that all the necessary fields are filled in as required.

For example, you can use CPrime Powerscripts validators on the “Start Progress” transition to check whether a risk has a link of type Blocks to an issue whose status is anything other than Resolved or Closed, or any similar rule. More validator examples are available in the CPrime Validators Tutorials.

Post Functions

Post functions are what you trigger after the transition has been made, e.g. to send notifications, automatically assign the issue to someone, update field values (e.g. security levels), create additional issues in some other backlog, etc. This is where you could send special notifications to the people who need to approve something. Read more at advanced workflow customisation.
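The order in which the three rule types apply to a transition, as an added example that is not part of the original page and is not Jira code or the Jira API. It is a simplified Python model; the `mitigation` field, the issue key `RISK-1` and the "Developers" role are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Transition:
    name: str
    source: str                  # one-way link: source status -> target status
    target: str
    allowed_roles: frozenset     # condition: roles that may perform the transition
    required_fields: tuple       # validator: fields that must be filled in
    notify_roles: tuple          # post function: roles to notify afterwards

def perform(issue, transition, user_roles, outbox):
    """Try one transition on `issue`; return (performed, reason)."""
    if issue["status"] != transition.source:
        return False, "not available from status " + issue["status"]
    # 1. Condition: should this user perform the transition at all?
    if not transition.allowed_roles & set(user_roles):
        return False, "condition failed"
    # 2. Validator: is the input valid before the transition is performed?
    missing = [f for f in transition.required_fields if not issue.get(f)]
    if missing:
        return False, "validator failed: " + ", ".join(missing)
    issue["status"] = transition.target
    # 3. Post functions: additional processing after the transition.
    outbox.extend((role, issue["key"], transition.target)
                  for role in transition.notify_roles)
    return True, "ok"

def demo():
    """Run a constructed risk through a constructed 'Approve' transition."""
    approve = Transition("Approve", "Under Review", "Approved",
                         frozenset({"Risk Approvers"}), ("mitigation",),
                         ("Risk Management Administrators",))
    risk = {"key": "RISK-1", "status": "Under Review", "mitigation": ""}
    outbox, log = [], []
    log.append(perform(risk, approve, ["Developers"], outbox))      # wrong role
    log.append(perform(risk, approve, ["Risk Approvers"], outbox))  # field empty
    risk["mitigation"] = "Constructed sample text"
    log.append(perform(risk, approve, ["Risk Approvers"], outbox))  # succeeds
    log.append(perform(risk, approve, ["Risk Approvers"], outbox))  # already moved
    return risk, outbox, log

if __name__ == "__main__":
    for entry in demo()[2]:
        print(entry)
```

The notification is queued only on the third attempt: a failed condition or validator leaves the status unchanged, so no post function runs.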

Summary of actions to implement an approval process in a Jira workflow:

Thus, in order to implement a risk approval process:

  1. Prepare the system and your risk project.

    1. Add the necessary global project roles (e.g. Risk Management Administrators, Risk Approvers, etc.) or user groups (in your directory service).

    2. Review all users under your Risk project settings, so that all users have the proper roles attached.

    3. Lastly, make sure that those users have all the necessary permissions in your project permission scheme.

  2. Implement your required workflow.

    1. Add the necessary workflow statuses and transitions (be aware of https://softcomply.atlassian.net/wiki/spaces/SS/pages/1550123017).

    2. Define transition conditions, i.e. check who can execute a given transition and who cannot.

    3. Always define alternative paths as well! Not everything gets Approved, so sometimes you need a transition to unapproved states too (look at the Rejected state on the picture above)!

    4. Define/review notifications. You can send custom notifications from your post functions to users in specific roles, for example:

      1. If user A sends a risk issue for approval (from the “In Progress” to the “Under Review” state), then send a special notification to users in the role “Risk Approvers”.

        1. That can be done in various ways.

          1. Use the built-in issue notifications and system events. Define a new, specific event type and fire it only in the post function of the specific workflow transition. Then add the new event to the Notifications scheme so that a notification is triggered whenever the event is fired (https://confluence.atlassian.com/adminjiracloud/configure-email-notifications-for-a-custom-event-979422140.html).

          2. Use an alternative method of sending notifications. Some special apps such as JETI, JEMH, etc. provide post functions for that.

          3. Use a SIL post function to send messages (https://confluence.cprime.io/display/SIL/Mail+configuration).

2. Display risk workflow statuses in your table (https://softcomply.atlassian.net/wiki/spaces/SS/pages/1590132751)

3. Update risk workflow statuses automatically if needed (https://softcomply.atlassian.net/wiki/spaces/SS/pages/1590427661)
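A design check for the workflow built in the steps above, as an added example that is not part of the original page and does not use Jira's export format or API. It assumes the workflow has been written down as a plain list of transitions; the "Open" status, the "Approved" status name, the "Fast-track" and "Rework" transitions and the "Developers" role are constructed for illustration.

```python
def audit_approval_workflow(transitions, review="Under Review", approved="Approved",
                            rejected="Rejected", approver_role="Risk Approvers"):
    """Return a list of findings for a workflow given as transition dicts."""
    findings = []
    into_approved = [t for t in transitions if t["to"] == approved]
    if not into_approved:
        findings.append(f"no transition leads to '{approved}'")
    for t in into_approved:
        # Every path into the approved status needs a condition limited to the
        # approver role; otherwise anyone who can move the issue can approve it.
        if set(t.get("condition_roles", [])) != {approver_role}:
            findings.append(f"'{t['name']}' is not restricted to {approver_role}")
    # Transitions are one-way, so rejection needs a transition of its own.
    if not any(t["from"] == review and t["to"] == rejected for t in transitions):
        findings.append(f"no transition from '{review}' to '{rejected}'")
    # Approvers must be told when something is submitted for approval.
    for t in transitions:
        if t["to"] == review and approver_role not in t.get("notify_roles", []):
            findings.append(f"'{t['name']}' does not notify {approver_role}")
    return findings

# Constructed sample: a weak design and its corrected form.
WEAK = [
    {"name": "Start Progress", "from": "Open", "to": "In Progress"},
    {"name": "Send for Review", "from": "In Progress", "to": "Under Review"},
    {"name": "Approve", "from": "Under Review", "to": "Approved"},
    {"name": "Fast-track", "from": "In Progress", "to": "Approved",
     "condition_roles": ["Developers"]},
]
FIXED = [
    {"name": "Start Progress", "from": "Open", "to": "In Progress"},
    {"name": "Send for Review", "from": "In Progress", "to": "Under Review",
     "notify_roles": ["Risk Approvers"]},
    {"name": "Approve", "from": "Under Review", "to": "Approved",
     "condition_roles": ["Risk Approvers"]},
    {"name": "Reject", "from": "Under Review", "to": "Rejected",
     "condition_roles": ["Risk Approvers"]},
    {"name": "Rework", "from": "Rejected", "to": "In Progress"},
]

if __name__ == "__main__":
    for finding in audit_approval_workflow(WEAK):
        print("WEAK:", finding)
    print("FIXED findings:", audit_approval_workflow(FIXED))
```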