I have a requirement to create a process that includes the following:
- A project assessment intake form where requestors can select GRC entities that are relevant to their project
- An automated way to create smart assessments for each of the selected entities
- A way to create tasks for InfoSec teams to review each app and the responses to the smart assessments
- An easy way to store and report on the data collected
I feel confident I can figure out 1 and 2, but is there a best practice for creating GRC-related tasks without having to make them SCTask records?
Is there a best practice for storing the data for easy reporting?
If the recommendation is to create a custom table, should it be a child table of an existing one?
I'm somewhat new to GRC and ServiceNow, so any help is appreciated.
