Best practice for GRC tasks and reporting

KobyW
Tera Contributor

I have a requirement to create a process that includes the following:

  1. A project assessment intake form where requestors can select GRC entities that are relevant to their project
  2. An automated way to create smart assessments for each of the selected entities
  3. A way to create tasks for InfoSec teams to review each app and the responses to the smart assessments
  4. An easy way to store and report on the data collected

I feel confident I can figure out 1 and 2, but is there a best practice for creating GRC-related tasks without having to make them SCTask records?

Is there a best practice for storing the data for easy reporting?

If the recommendation is to create a custom table, should it be a child table of an existing one?

 

I'm somewhat new to GRC and ServiceNow, so any help is appreciated.

0 REPLIES 0