September 2021 Release Summary

Hello GRC family! We have had a busy year all leading up to this release. The following is a summary of what was released in September. In short, we released a new product as well as a new user experience. Please note, all capabilities mentioned (privacy and workspaces) are dependent on the Rome family release.

 

New Features:

Privacy Management

ServiceNow’s Privacy Management solution helps customers manage their enterprise-wide privacy program by staying on top of privacy risks and regulations. The solution also enables customers to unify and scale enterprise-wide data privacy governance on a single platform to embed privacy risk into the front-line to adopt the Privacy by design culture.

Key Features:

• Privacy Content Library to centrally maintain all privacy regulations, policies, and controls.
• Privacy Screening Assessments to discover processes, applications, vendors, and so on that are processing personal information.
• Enable Privacy by design by automatically discovering new applications and so on using a configurable flow designer.
• Conduct detailed privacy impact assessments to gain visibility into where PI lives, who owns it, and how it is being used.
• Automatically apply controls based on the responses to privacy impact assessments.
• Monitor with an automated continuous control monitoring framework.
• Maintain a record of all the processing activities that gives a complete view of personal information stored, processed, applicable regulations, policies, controls, and an overall compliance posture.
• Automatically identify and report issues based on control failures to plan remediation tasks

System Dependencies:

• GRC: Policy and Compliance Management (com.sn_compliance)
• GRC: Compliance Assessment (com.sn_comp_asmt)
• GRC: Common Workspace Elements (com.sn_grc_workspace)

Release Compatibility

• Rome

For product documentation for Privacy Management, click here.

 

GRC Workspaces – New UI!

The GRC product suite has released a new user experience including persona-based workspaces. These workspaces are designed to give the user a single source of truth to find overall GRC metrics, consolidated task view, and associated data that is easily retrievable.

 

Compliance Management Workspace

Compliance Workspace is a single-pane view for compliance managers and compliance analysts to view the overall compliance posture of the organization, and track time-sensitive issues, high-risk exceptions, ongoing policy acknowledgments, and new regulatory changes. The workspace allows compliance managers and analysts to define and manage the compliance library and test the effectiveness of controls, as well as continuously monitor the control performance through KCIs.

Key Features:

• Personalized homepage for corporate compliance managers and compliance analysts for managing their work​ better
• A consolidated tasks landing page for managing all the tasks assigned to the user and their groups
• Centralized compliance library
• Policy lifecycle and acknowledgments
• Policy exception management
• Testing design and operational effectiveness of controls
• Continuous monitoring of controls through key control indicators
• Issues landing page for triaging, managing, and remediating compliance issues
• Regulatory change management landing page

           

Risk Management Workspace

The Risk workspace is a single-pane view for the IT Risk Manager and the Operational Risk Manager to view the overall risk posture for your organization, track time-sensitive issues, major losses, and control deficiencies that may increase the risks for your organization

Key Features:

• Personalized home pages for IT-Risk and Op-Risk managers for managing their work better.
• Consolidated tasks landing page for managing all the tasks assigned to the user and their groups.
• Centralized risks and control library management.
• A conversational redesigned experience for risk and control assessments.
• Testing designed and operational effectiveness of controls and remediating deficiencies.
• Continuous monitoring of risks and control performance through KRIs and KCIs.
• Recording, and reporting of operational losses through centralized risk events.
• Redesigned risk heat map for monitoring and reporting risk posture.
• Comprehensive issues landing triaging, managing, and remediating issues.
• Contextual information around a record as and when you need through a new 360° relationship viewer and side panels in the records.
• Assessment of risks and controls to monitor the residual risk posture.
• Assess the design and operational effectiveness of the controls.
• Continuously monitor the risks and control performance through KRIs and KCIs.
• Remediation control deficiencies through issues and actions management.

 

Vendor Management Workspace

The Vendor Management Workspace allows vendor managers to holistically view and manage risk and performance data for all of the vendors they manage. The product works with Continual Improvement Management to create and track initiatives for vendor improvement. Vendor Management also integrates with Performance Analytics to provide unprecedented visibility into vendor performance. 

Key Features:

• Landing page with risk and performance overviews
• Risk activity and task management
• Vendor Performance matrix
• Vendor 360 view
• Create performance targets
• Create assessments
• Compare vendors with Success Indicators

 

Audit Management Workspace

Audit Workspace is a single-pane view for an audit supervisor and auditor to view the overall audit timeline and status, track budget and resources for engagements, track high priority observations and issues, and monitor ongoing control testing and audit task progress. The workspace allows the audit supervisors to define audit plans and engagements, assign budget and resources to engagements, and track the progress of engagements.

Key Features:

• Personalized homepage for audit supervisors to manage their work better.
• Personalized homepage for auditors to manage their work better. 
• Consolidated tasks landing page to manage all the tasks assigned to the users and their groups.
• Centralized compliance and risk library.
• Audit scoping, planning, and execution.
• Control design and operating effectiveness testing, process walkthroughs, interviews, and other audit activities.
• Continuous monitoring of controls through key indicators and evidence collection.
• Issues landing page for managing and remediating observations and issues.

 

Release capability for all workspaces:

• Rome

*Note: all product documentation has been linked in the header of each workspace. Find more details there!