ServiceNow IT Governance Risk and Compliance (IT GRC) automates the business-critical process of measuring and managing adherence to legislative policies, such as Sarbanes-Oxley (SOX), and industry ITIL frameworks, such as Control Objectives for Information and Related Technology (COBIT). First, IT GRC is used to document policies, define the risks of failing to comply, and design controls to enforce policies and mitigate risks. IT GRC is then used to schedule control tests to collect compliance evidence and identify failures that need remediation. Finally, information from service management processes can be automatically extracted as evidence for compliance audits.
Every organization must follow regulations and policies from authoritative sources – especially those enterprises operating in heavily regulated industries. But staying compliant can be complex and time-consuming. Some organizations use expensive, specialized software that is separate from their service management system. More commonly, organizations initiate manual “fire drills” using spreadsheets and email whenever an audit is conducted. With ServiceNow IT Governance Risk and Compliance, IT can: