One of the most overlooked parts of IRM implementations is the taxonomy that sits underneath everything. We often talk about Authority Documents (regulations, frameworks, standards) and Risk Statements (potential events that may impact objectives) ...
In response to the question “GRC/IRM – How to find entities and controls tied to Authority Documents ” on the ServiceNow Community I wanted to share something I built in the past. This is exactly where Content Reference comes in. Its designed to tag ...
Original article was placed as a question in the GRC forum. Thanks @Rafael Cardoso for your suggestion. Dear All, Docs doesn't elaborate much on how to use code snippet for Smart Assessment and at times customers find it confusing. For one of my ...
The Risk Zurich release is here! Get a first look at the new Risk GenAI-powered capabilities to improve your risk team’s productivity and efficiency. Here are the latest demos for Now Assist in our Risk portfolio. Now Assist for IRM: Common Contro...
You've come to the right place to start your risk product adoption journey. The Welcome Guide for Risk Customers (attached below) provides valuable guidance on the initial steps of your implementation journey, including an overview of the ServiceNow ...
Introduction The ServiceNow AI Control Tower is a centralized platform designed to govern, manage, secure, and optimize AI agents, models, and workflows across an enterprise. This blueprint outlines how the AI Control Tower supports organizations in ...
Hello Community Members, I have been working on GRC for quite sometime and prepared this presentation to introduce the GRC to our users to give them overview and confidence to start with GRC. This covers most of the basic aspects of GRC and various t...
Scoring Configuration for Model Risk Assessments Required role: To configure scoring for model risk assessments, the sn_model_risk_mgmt.admin role is required. Note: The scoring in model risk assessments is done only for model risk task of type "...
Every organization has information silos, with scattered third-party data--from contact details to risk data and criticality levels--across multiple, disconnected sources. When managing thousands of third parties and engagements, the risk team will l...
ServiceNow’s new Digital Operational Resilience Management app enables customers to manage their activities associated with new operational resilience regulations such as the EU Digital Operational Resilience Act (DORA). (A PDF version is available...
Overview Crisis management enables you to effectively manage recovery during disruptions and adverse events within your organization. Crisis management may include: Monitoring upcoming and ongoing threatsIdentifying the line of impact and critical as...
Welcome to the Speed Learning series for Third-Party Risk Management (TPRM), where you’ll find everything you need to succeed with ServiceNow TPRM and the IT Vendor Risk domain, which focuses on identifying and managing risks specific to your technol...
Tiering Assessments and Inherent Risk Questionnaire (IRQ) help organizations apply the right level of due diligence based on the risk a third party poses by defining the scope and aiding in prioritization. These tools are essential in building a scal...
In ServiceNow Third-Party Risk Management (TPRM), issues originate from any identified risk or gap in risk assessments, internal investigations, control failures, risk acceptances, or continuous monitoring (e.g., threat intelligence or news alerts). ...
Running a third-party risk management program at scale is complex, especially with limited resources, a growing ecosystem of vendors, and rising vendor security concerns. ServiceNow Third-Party Risk Management (TPRM) provides you with a wide range ...
The Third-Party Portal (formerly the Vendor Portal) is a secure, user-friendly interface that streamlines how third parties, such as vendors, suppliers, and partners, collaborate with your risk teams. It is a major feature of ServiceNow Third-Party R...
When third parties are unable to access the Third-Party Portal or prefer to share information through documents or spreadsheets due to internal policies, ServiceNow Third-Party Risk Management (TPRM) offers intake process alternatives. That means t...
One of the feature highlights of your third-party risk management program is the ability to be powered by live risk intelligence providers. You can replace periodic, manual assessments with continuous third-party monitoring and ongoing tracking of cy...
Overview Many organizations using the ServiceNow GRC (Governance, Risk, and Compliance) platform face challenges when customizing the risk assessment component to meet specific business requirements. One common request involves enforcing additional v...
The Environmental, Social, and Governance Management (ESGM) Delivery Accreditation is now available in ServiceNow University. Read more about the exam within this knowledge article: Environmental, Social, Governance Management (ESGM) - Exam Blueprint...
Mary Hain
Lisa Latour
Dan Bruhn
Steph Morillo
