Skip to main content

Prerequisites

  • The document is in In Review, Approved, or Published status
  • You have edit permissions on the riskSpecification document

Steps

1. Identify the Issue

Common reasons for rework include:
  • A reviewer finds incorrect feasibility scoring or impact ratings
  • New threat paths are discovered after review
  • Treatment decisions need to change based on updated risk controls
  • Cybersecurity goals or CAL assignments require modification
The Rework action triggers MarkWorkflowSignaturesAsObsolete and ResetSignaturesVerdict, which mark all prior electronic signatures as obsolete and clear the approval verdict. The entire review-approve-publish cycle must be repeated.

2. Execute the Rework Action

  1. Open the TARA module in document view
  2. Click the workflow action Rework
  3. The document transitions back to Draft status
All existing workflow signatures are immediately marked obsolete. The document’s signature verdict is reset.

3. Make Corrections in Risksheet

  1. Open the document in Risksheet view
  2. Navigate to the appropriate view for your changes:
    • 1. Identify Threats — to add or modify threat paths
    • 2. Assess Feasibility — to update attack factor scores
    • 3. Risk Assessment — to revise impact ratings
    • 4. Risk Treatment — to change treatment strategies or link new controls
    • 5. Req & Verification — to update requirements or test case links
  3. Make the required corrections
  4. Verify that all computed fields (taraFeasibility, taraVerdict) reflect the updated inputs

4. Re-submit for Review

Once corrections are complete, follow the standard review and approval process:
  1. Click Send for Review to transition back to In Review
  2. Polarion auto-populates signers from the project_approver role
  3. Reviewers provide new signatures after re-reviewing the content
  4. Approve and publish when ready
Consider adding a comment or note to the document explaining why rework was needed. This provides context for reviewers in the new approval cycle and supports audit trail clarity.

5. Verify Signature State

After rework, confirm the signature reset:
  1. Open the document’s signature panel
  2. Verify that previous signatures show as Obsolete
  3. Confirm no approval verdict remains from the prior cycle

Verification

After completing the rework cycle:
  • Document is back in Draft status
  • All prior signatures are marked obsolete
  • Corrections are applied in the Risksheet
  • Document is re-submitted through the full review-approve-publish cycle