ServiceNow as a ISO27001 management system
08-23-2023 04:21 AM
Hi all,
Does anyone have information or even experience on using ServiceNow as an ISO27001 management system?
Which means handling the totality of the ISO27001 certification system in ServiceNow.
I'm no expert in any (ISO27001 mgmt system), so I don't know what it means.
I tried to look through the store, no findings.
I tried to ask Google, no findings.
You there are my last hope 😉
Thanks!
08-23-2023 04:26 AM
Hello @Jugmaz ,
I think that the ISO is a type of certification and accreditation which it has received.
More info in the post below, provided by a ServiceNow employee:
https://www.servicenow.com/community/grc-forum/iso27001-certification-documents/m-p/1300351
Best Regards,
Nayan Dhamane
ServiceNow Community Rising Star 2023.
08-23-2023 04:29 AM
Yes, that is correct.
But my client is looking for a tool or app to maintain those certifications, probably ones which they are responsible for, or which they anyhow need to manage.
This is how they describe the requirement:
How ServiceNow could be used to run an ISO27001 management system.
So not only for monitoring the compliance of individual controls, but for maintaining the entire system (e.g. scope and statement).
04-03-2025 02:44 AM
Yes, you can definitely use ServiceNow GRC (Governance, Risk, and Compliance) to run an ISO/IEC 27001 audit. ServiceNow GRC provides the necessary framework to manage information security risks, controls, and compliance requirements for ISO 27001 certification.
Here are some tips on how to do it:
How to Use ServiceNow GRC for an ISO 27001 Audit
1. Configure the ISO 27001 Framework in GRC
- Use Policy and Compliance Management to map ISO 27001 controls into the system.
- Import or create the ISO 27001 control objectives and policies as authority documents.
- Define Control Objectives, Risks, and Compliance Checks to align with the standard.
2. Define Controls and Map to Business Processes
- Set up controls that align with Annex A of ISO 27001 (e.g., access control, encryption, incident response).
- Associate controls with business processes, applications, and assets using Entity Types.
3. Risk Management
- Use Risk Management to assess risks associated with ISO 27001 requirements.
- Automate risk assessments with questionnaires and scoring models.
- Link risks to mitigating controls and track treatment plans.
4. Automate Audits with Continuous Monitoring
- Schedule automated control tests to check compliance status.
- Set up audit workflows for evidence collection and assessment.
- Use audit findings and remediation tasks to track non-compliance issues.
5. Generate Audit Reports
- Use GRC dashboards and reporting tools to generate ISO 27001 compliance reports.
- Provide real-time visibility into audit progress, control effectiveness, and risk exposure.
- Export evidence and reports for external auditors.
6. Issue and Exception Management
- Track and manage non-conformities (NCs) or security incidents found during the audit.
- Use issue management workflows to assign corrective actions.
- Automate remediation tracking to ensure timely resolution.
By using ServiceNow GRC for ISO 27001 audits you will:
- Reduce manual effort by automating compliance tracking and control testing.
- Get real-time compliance monitoring (dashboards provide continuous visibility into security posture).
- Help maintain audit trails and documentation required for certification.
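The continuous-monitoring and issue-management steps in the answer above (latest control test decides the control's status, stale evidence counts against it, each non-compliant control gets a remediation issue assigned to its owner, and results roll up per Annex A citation for a dashboard) can be illustrated with a small stand-alone model. The following is an added example and is not the answer author's code nor ServiceNow's GRC API: it is plain JavaScript with no GlideRecord calls, the control IDs, owners, test results, the 90-day evidence age limit and the "as of" date are all constructed sample values, and the Annex A citation labels are used only as illustrative groupings.

```javascript
// Added example: control-test rollup for ISO 27001 continuous monitoring.
// Plain JavaScript modelling the logic; NOT ServiceNow's GlideRecord API.
// All identifiers, dates and the evidence-age threshold below are constructed.

const EVIDENCE_MAX_AGE_DAYS = 90; // assumption: a passing test older than this is stale

// Constructed sample controls, grouped by an Annex A-style citation label.
const CONTROLS = [
  { id: "CTRL-001", citation: "A.5.15 Access control", owner: "iam-team" },
  { id: "CTRL-002", citation: "A.8.24 Use of cryptography", owner: "platform-team" },
  { id: "CTRL-003", citation: "A.5.24 Incident management planning", owner: "soc" },
  { id: "CTRL-004", citation: "A.5.15 Access control", owner: "iam-team" },
];

// Constructed control test results; only the most recent test per control counts.
const TEST_RESULTS = [
  { controlId: "CTRL-001", testedOn: "2025-03-20", passed: true },
  { controlId: "CTRL-001", testedOn: "2025-01-05", passed: false }, // superseded
  { controlId: "CTRL-002", testedOn: "2025-03-28", passed: false },
  { controlId: "CTRL-003", testedOn: "2024-11-01", passed: true },  // stale by 2025-04-03
  // CTRL-004 has never been tested
];

// Whole days from isoA to isoB (ISO date-only strings parse as UTC, so no DST drift).
function daysBetween(isoA, isoB) {
  return Math.floor((Date.parse(isoB) - Date.parse(isoA)) / 86400000);
}

// Status of each control as of the given ISO date:
// untested -> non_compliant -> stale_evidence -> compliant, in order of checks.
function evaluateControls(controls, results, asOf) {
  const latest = new Map();
  for (const r of results) {
    const cur = latest.get(r.controlId);
    // ISO dates compare correctly as strings
    if (!cur || r.testedOn > cur.testedOn) latest.set(r.controlId, r);
  }
  return controls.map((c) => {
    const r = latest.get(c.id);
    let status;
    if (!r) status = "untested";
    else if (!r.passed) status = "non_compliant";
    else if (daysBetween(r.testedOn, asOf) > EVIDENCE_MAX_AGE_DAYS) status = "stale_evidence";
    else status = "compliant";
    return { ...c, status, lastTested: r ? r.testedOn : null };
  });
}

// Dashboard-style rollup: compliant / total per citation.
function rollupByCitation(evaluated) {
  const out = {};
  for (const c of evaluated) {
    const e = out[c.citation] || (out[c.citation] = { total: 0, compliant: 0 });
    e.total++;
    if (c.status === "compliant") e.compliant++;
  }
  return out;
}

// One remediation issue per non-compliant control, skipping controls that
// already have an open issue so re-running the job does not duplicate work.
function openIssues(evaluated, existingOpen) {
  const alreadyOpen = new Set(existingOpen.map((i) => i.controlId));
  const issues = [];
  for (const c of evaluated) {
    if (c.status === "compliant" || alreadyOpen.has(c.id)) continue;
    issues.push({
      controlId: c.id,
      assignedTo: c.owner,
      reason: c.status,
      priority: c.status === "non_compliant" ? "high" : "medium",
    });
  }
  return issues;
}

// Usage with the constructed data
const evaluated = evaluateControls(CONTROLS, TEST_RESULTS, "2025-04-03");
console.log(evaluated);
console.log(rollupByCitation(evaluated));
console.log(openIssues(evaluated, [{ controlId: "CTRL-002", state: "open" }]));
```

The point of the deduplication in `openIssues` is that a scheduled monitoring job runs repeatedly; without checking existing open issues, every run would raise a fresh issue for the same failing control and bury the real backlog. Treating stale evidence as a distinct status, rather than silently counting an old pass as compliant, is what keeps the dashboard honest between audit cycles.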
4 weeks ago
What a master answer!!!
Congrats