GRC Question Help !!!

Go to solution
SandeepKSingh
Kilo Sage

‎10-07-2024 06:20 AM

Q. Scoped Applications: Which tables go beyond the sn_grc_item Item table?

Q  Which roles have the ability to create Profile Types, Profile Classes, and Profiles?

Q.  What roles are able to access Citations and Authority Documents?

0 Helpfuls
  • 1,164 Views
2 ACCEPTED SOLUTIONS

Go to solution
Ravi Gaurav
Giga Sage
Giga Sage

‎10-07-2024 11:03 PM

Hi @SandeepKSingh 

Answer :-

1. Risk, Control

2. Compliance Manager, Risk Manager

3. Compliance Managers, Compliance Users

--------------------------------------------------------------------------------------------------------------------------


If you found my response helpful, I would greatly appreciate it if you could mark it as "Accepted Solution" and "Helpful."
Your support not only benefits the community but also encourages me to continue assisting. Thank you so much!

Thanks and Regards
Ravi Gaurav | ServiceNow MVP 2025,2024 | ServiceNow Practice Lead | Solution Architect
CGI
M.Tech in Data Science & AI

 YouTube: https://www.youtube.com/@learnservicenowwithravi
 LinkedIn: https://www.linkedin.com/in/ravi-gaurav-a67542aa/

View solution in original post

Go to solution
PrashantLearnIT
Giga Sage

‎10-07-2024 11:20 PM

Hi @SandeepKSingh 

 

1. Tables that go beyond the sn_grc_item (Item) Table in ServiceNow Governance, Risk, and Compliance (GRC):

The sn_grc_item table is a central table used to track GRC items, but other tables extend or work in conjunction with it. Some key related tables include:

  • sn_grc_profile: Stores GRC profiles, which are entities against which controls and risks are evaluated (e.g., departments, assets, locations).
  • sn_grc_control: Stores the controls associated with managing risks.
  • sn_grc_risk: Stores risks and their details.
  • sn_grc_risk_statement: Contains predefined risk statements that help define risks.
  • sn_grc_policy_statement: Holds policy statements which link to controls and risks.
  • sn_grc_authority_document: Stores external regulations, policies, or frameworks that drive GRC activities (authority documents).
  • sn_grc_citation: Citations or references related to authority documents, policies, or controls.
  • sn_grc_control_test_definition: Holds control test definitions used for assessing controls.
  • sn_grc_issue: Tracks issues identified in the GRC processes, including audit findings or risk issues.

2. Roles with the ability to create Profile Types, Profile Classes, and Profiles:

In ServiceNow GRC, only users with specific roles can create Profile Types, Profile Classes, and Profiles:

  • grc_profile_manager: This role allows users to manage profiles, including the creation of Profile Types, Profile Classes, and Profiles.
  • grc_admin: The GRC admin role has full control over the GRC application and includes all capabilities, including managing profiles.

3. Roles able to access Citations and Authority Documents:

Access to Citations and Authority Documents in ServiceNow GRC is controlled by specific roles:

  • grc_author: This role allows users to create and edit authority documents and citations.
  • grc_user: General GRC users can view authority documents and citations but may not be able to edit them.
  • grc_admin: This role has full access to all GRC-related data, including the ability to manage and modify authority documents and citations.

These roles help ensure proper management of regulatory requirements and compliance documentation within the GRC framework.

 

********************************************************************************************************
Please appreciate the efforts of community contributors by marking the appropriate response as the correct answer and helpful. This may help other community users to follow the correct solution in the future.

********************************************************************************************************
Cheers,
Prashant Kumar
ServiceNow Technical Architect


Community Profile LinkedIn YouTube Medium TopMate
********************************************************************************************************

View solution in original post

2 REPLIES 2

Go to solution
Ravi Gaurav
Giga Sage
Giga Sage

‎10-07-2024 11:03 PM

Hi @SandeepKSingh 

Answer :-

1. Risk, Control

2. Compliance Manager, Risk Manager

3. Compliance Managers, Compliance Users

--------------------------------------------------------------------------------------------------------------------------


If you found my response helpful, I would greatly appreciate it if you could mark it as "Accepted Solution" and "Helpful."
Your support not only benefits the community but also encourages me to continue assisting. Thank you so much!

Thanks and Regards
Ravi Gaurav | ServiceNow MVP 2025,2024 | ServiceNow Practice Lead | Solution Architect
CGI
M.Tech in Data Science & AI

 YouTube: https://www.youtube.com/@learnservicenowwithravi
 LinkedIn: https://www.linkedin.com/in/ravi-gaurav-a67542aa/

Go to solution
PrashantLearnIT
Giga Sage

‎10-07-2024 11:20 PM

Hi @SandeepKSingh 

 

1. Tables that go beyond the sn_grc_item (Item) Table in ServiceNow Governance, Risk, and Compliance (GRC):

The sn_grc_item table is a central table used to track GRC items, but other tables extend or work in conjunction with it. Some key related tables include:

  • sn_grc_profile: Stores GRC profiles, which are entities against which controls and risks are evaluated (e.g., departments, assets, locations).
  • sn_grc_control: Stores the controls associated with managing risks.
  • sn_grc_risk: Stores risks and their details.
  • sn_grc_risk_statement: Contains predefined risk statements that help define risks.
  • sn_grc_policy_statement: Holds policy statements which link to controls and risks.
  • sn_grc_authority_document: Stores external regulations, policies, or frameworks that drive GRC activities (authority documents).
  • sn_grc_citation: Citations or references related to authority documents, policies, or controls.
  • sn_grc_control_test_definition: Holds control test definitions used for assessing controls.
  • sn_grc_issue: Tracks issues identified in the GRC processes, including audit findings or risk issues.

2. Roles with the ability to create Profile Types, Profile Classes, and Profiles:

In ServiceNow GRC, only users with specific roles can create Profile Types, Profile Classes, and Profiles:

  • grc_profile_manager: This role allows users to manage profiles, including the creation of Profile Types, Profile Classes, and Profiles.
  • grc_admin: The GRC admin role has full control over the GRC application and includes all capabilities, including managing profiles.

3. Roles able to access Citations and Authority Documents:

Access to Citations and Authority Documents in ServiceNow GRC is controlled by specific roles:

  • grc_author: This role allows users to create and edit authority documents and citations.
  • grc_user: General GRC users can view authority documents and citations but may not be able to edit them.
  • grc_admin: This role has full access to all GRC-related data, including the ability to manage and modify authority documents and citations.

These roles help ensure proper management of regulatory requirements and compliance documentation within the GRC framework.

 

********************************************************************************************************
Please appreciate the efforts of community contributors by marking the appropriate response as the correct answer and helpful. This may help other community users to follow the correct solution in the future.

********************************************************************************************************
Cheers,
Prashant Kumar
ServiceNow Technical Architect


Community Profile LinkedIn YouTube Medium TopMate
********************************************************************************************************