ServiceNow Risk and ESG Products Keep Getting Better

There are several exciting enhancements being released on the ServiceNow Store for our ESG product and GRC product portfolio: Integrated Risk Management, Business Continuity Management, Third-party Risk Management, and Privacy Management

Register for What’s New webinars to see live demos of all the new enhancements on Live on ServiceNow.

Below are some highlights of what you’ll see in this new release:

Integrated Risk Management:

• We’ve added the ability to edit, update, and maintain versions of documents attached to policies, evidence requests, issues, indicator tasks, audit engagements, and more using OneDrive integration.  SharePoint integration is also available for collaborating and Google Drive for redlining documents. The ability to share and collaborate on documents improves the timeliness and accuracy of information within the documents, ultimately improving the speed and completeness of audit engagements – helping mitigate reputational risk due to policies violations and audit findings - and possibly even reduce the risk of a breach. This capability is available with the Standard, Professional, and Enterprise IRM licenses.
• To help the second line risk and compliance management better collaborate with the first line, we’ve added the Review and Feedback capability. It enables you to raise a challenge across any workflow at any state and have the frontline control owner or users respond. You can think of this as a mini audit, without the control testing workflow, or assurance by the second line. With the increased flexibility and streamlined risk and compliance processes the second line user experience is enhanced, oversight is improved to more quickly identify potential risks or compliance violations, while the frontline user experience is maintained at a high level. This capability is available with the Standard, Professional, and Enterprise IRM licenses.
• Continuous Authorization and Monitoring is designed to automate the NIST RMF process for authorizing systems in the U.S. Federal government and other high maturity frameworks.  The Washington release continues to add automation with the ability to auto create requirements on controls that have been defined at the control objective. In addition to auto creating test plans for engagements and implementing hybrid controls.
• To help improve cyber and cloud security we’ve added support for CIS 8 and CSA CCM controls.  We now support the authority document and citations for CIS 8, 171 CIS 8 control objectives, the authority document and citations for CSA CCM 4.0, 197 CSA CCM 4.0 control objectives, and 67 automated indicator templates to monitor CIS v8.0 controls. These indicator templates are also mapped to the related CIS 8 common controls from CSA CCM 4.0, NIST 800-53 Rev5, NIST CSF v1.1, ISO 27001/2, PCI DSS 4.0 etc.
• Other enhancements are available to allow senior management reporting in Word to show the risk profile and actions, automate alerts, and improve performance.  In addition to updates to Compliance Case Management and Regulatory Change Management.

Business Continuity Management:

• Operational Resilience has been added to the Business Continuity Management product (it is still available in your IRM Professional and Enterprise licenses). But with the addition of it in BCM you can now monitor a service's resiliency, while additional features enable you to test and demonstrate how adverse scenarios may impact those business services or specific assets themselves.
• Greater automation capabilities were added between the CMDB and BIAs (Business Impact Analysis) allowing for changes in CMDB records to be automatically emailed, and a UI action was added to pull these changes directly into BIAs, plans and exercises so that business continuity activity and resources remain consistent with organizational change.

Third-party Risk Management:

• The Third-party Risk Management application continues to receive updates with rule-based automation for scoped due diligence assessments.
• We’ve also added the capability to prepopulate assessment questionnaires to improve efficiency.

Privacy Management:

• A new Privacy Case Management workflow helps ensure the timely detection of privacy violations and swift triage of cases. Any breaches can be assessed and handled promptly while regulatory notifications are managed efficiently.
• To boost compliance with global data privacy laws, we’ve made it easy for you to integrate with RadarFirst to automate privacy incident risk assessments and get clear, actionable notification obligations in seconds.​
• Privacy Managers can now export case or request records to PDF for better sharing of information.

ESG Management:

• Disclosure reporting governance has been added to streamline the review, approval, governance, and tracking process including metrics data collection and integration of ESGM with O365 disclosures for cloud and local support.
• Sustainable IT v2.0 has many enhancements including a new map view with filters and drill-down capabilities. Access to the Sustainable IT dashboard is now available form the IT Asset Executive dashboard for better visibility across IT.
• ESGM has been integrated with IRM Advanced Risk Assessments to digitize the complete risk management lifecycle and embed the risk assessment process in the ESG workspace.

We are committed to the continued development of our risk and ESG products and would love the opportunity to show you them in action through live demos. Register here for our What’s New webinars.

Bookmark our 2024 Risk & ESG Events blog to keep up with our events each month.