Hello Community Members, I have been working on GRC for quite sometime and prepared this presentation to introduce the GRC to our users to give them overview and confidence to start with GRC. This covers most of the basic aspects of GRC and various t...
Scoring Configuration for Model Risk Assessments Required role: To configure scoring for model risk assessments, the sn_model_risk_mgmt.admin role is required. Note: The scoring in model risk assessments is done only for model risk task of type "...
Every organization has information silos, with scattered third-party data--from contact details to risk data and criticality levels--across multiple, disconnected sources. When managing thousands of third parties and engagements, the risk team will l...
ServiceNow’s new Digital Operational Resilience Management app enables customers to manage their activities associated with new operational resilience regulations such as the EU Digital Operational Resilience Act (DORA). (A PDF version is available...
Overview Crisis management enables you to effectively manage recovery during disruptions and adverse events within your organization. Crisis management may include: Monitoring upcoming and ongoing threatsIdentifying the line of impact and critical as...
Welcome to the Speed Learning series for Third-Party Risk Management (TPRM), where you’ll find everything you need to succeed with ServiceNow TPRM and the IT Vendor Risk domain, which focuses on identifying and managing risks specific to your technol...
Tiering Assessments and Inherent Risk Questionnaire (IRQ) help organizations apply the right level of due diligence based on the risk a third party poses by defining the scope and aiding in prioritization. These tools are essential in building a scal...
In ServiceNow Third-Party Risk Management (TPRM), issues originate from any identified risk or gap in risk assessments, internal investigations, control failures, risk acceptances, or continuous monitoring (e.g., threat intelligence or news alerts). ...
Running a third-party risk management program at scale is complex, especially with limited resources, a growing ecosystem of vendors, and rising vendor security concerns. ServiceNow Third-Party Risk Management (TPRM) provides you with a wide range ...
The Third-Party Portal (formerly the Vendor Portal) is a secure, user-friendly interface that streamlines how third parties, such as vendors, suppliers, and partners, collaborate with your risk teams. It is a major feature of ServiceNow Third-Party R...
When third parties are unable to access the Third-Party Portal or prefer to share information through documents or spreadsheets due to internal policies, ServiceNow Third-Party Risk Management (TPRM) offers intake process alternatives. That means t...
One of the feature highlights of your third-party risk management program is the ability to be powered by live risk intelligence providers. You can replace periodic, manual assessments with continuous third-party monitoring and ongoing tracking of cy...
Overview Many organizations using the ServiceNow GRC (Governance, Risk, and Compliance) platform face challenges when customizing the risk assessment component to meet specific business requirements. One common request involves enforcing additional v...
The Environmental, Social, and Governance Management (ESGM) Delivery Accreditation is now available in ServiceNow University. Read more about the exam within this knowledge article: Environmental, Social, Governance Management (ESGM) - Exam Blueprint...
To help a bank become DORA (Digital Operational Resilience Act) compliant using the ServiceNow platform, the following practical steps can be taken: Conduct a Readiness Assessment: Assess the bank's current state of compliance with DORA requirements...
GRC: Digital Operational Resilience Management (DORM) Bootcamp is now available on demand in Now Learning. To enroll, log in to Now Learning. The course is free. About this course: Learn how to maintain information registers, assess ICT incidents, ...
Overview You can use exercises to make sure that your organization’s teams are prepared for a disruption. Exercises help teams identify gaps in recovery strategies and plans and trigger suggestions for corrective actions. With continuous testing, co...
Overview Business Continuity Planning is useful for developing continuity and recovery plans for all critical business processes and IT functions. This includes, but is not limited to: Identifying the plan scope.Documenting loss scenarios and busines...
Overview Business Impact Analysis (BIA) enables you to prioritize your organization's business processes and critical IT assets when a disruption occurs. BIAs help you identify the recovery time objectives (RTOs), recovery point objectives (RPOs), ...
In today's complex and interconnected business landscape, disruptions can arise unexpectedly, threatening critical operations and organizational stability. Business Continuity Management (BCM) offers a structured and strategic approach to ensure resi...
Mary Hain
Lisa Latour
Dan Bruhn
Steph Morillo
