There are many new and exciting enhancements in the Utah release for risk, compliance, and operational resilience. We discussed some of the highlights in this blog post, but here’s some more information about Utah:
Operational Resilience Management
As noted in the prior blog post, Operational Resilience Management received a significant facelift in this release as we are delivering the Next Experience to help improve visibility, drive efficiencies, and simplify navigation to strengthen the overall risk or compliance posture of your organization. This enhancement includes a modern, new UI design and enhancements to the global navigation.
This release also delivers a new 360-degree allows you to better understand upstream and downstream interdependencies of your parent and child services, processes, technology, people, suppliers and facilities though a pictorial view.
We’ve also added persona-driven, configurable workspaces. Paired with other enhancements in this release, you can more easily analyze importance and impact tolerance with survey-based assessments; run scenario analysis to simulate event impact before activities happen; and generate PDF reports based on pre-defined document templates for self-attestations.
Vendor Risk Management
With Utah, we have upgraded to the latest version of the Shared Assessments Standardized Information Gathering (SIG) Questionnaire. With SIG 2023, ServiceNow is helping organizations more easily obtain assessment documentation from a vendor by allowing them to upload a pre-filled SIG spreadsheet or importing a form-based questionnaire. The SIG 2023 contains additional content regarding Nth parties and ESG (Environmental, Social, Governance), as well as Privacy updates for CPRA/CCPA in California, EU GDPR, the GLBA Data Safeguard ruling, and impending U.S. State Privacy laws from Colorado, Utah, Virginia, and Connecticut.
Common Controls
We talked about common controls in the other blog and it may have appeared it was just for compliance, but it also can simplify risk management. Here you can see a primary entity with a common control. There are 4 related entities associated with that common control and each entity has a different risk associated with it. Since that common control is compliant everything is great, but if it were non-compliant it would automatically generate the assigned risk for each of the related entities. This significantly reduces the amount of time required on the control owner’s part and the accuracy of risk monitoring. The risk manager can more quickly identify risks and move to address them.
Core Capabilities: Issues Management and Confidentiality
There are two primary core enhancements in Utah. The first is the ability to link a single issue to multiple sources to reduce the number and potential for duplication of issues, which could result in significant efficiency gains. For example, users can now create a single issue that links to a risk, control, and related entity (or more than 1 entity). You can also tag an issue for multiple sources of failure, for example risk events or controls to improve risk tracking or analysis – seeing all the related controls that failed or risk events that were reported together can make identifying the root cause easier. Additionally, audits can be simplified when there are fewer issues and when they provide a holistic view of control failures, engagement problems, risks, etc.
Below you can see an issue that is linked to several risks. With the new Add button on the issue record it’s easy to select additional risks to be added. The side panel has also been updated to show the other related sources.
Confidentiality inheritance has been added for related records for issues or risk events. As illustrated below, when a record is marked as confidential, related records will automatically inherit confidentiality. All inherited confidential records will have the allowed user and groups auto populated from the parent record increasing accuracy. IRM admins can now configure and manage inheritance of confidentiality via the new framework.
Risk Management Enhancements
As organizations struggle to do more with less AI becomes an important tool. In the Utah release we’ve made risk management smarter by automatically suggesting risk statements that should be linked to the risk using the Now AI engine. You can see the suggestions in the side panel of the risk record below. This enables higher accuracy in risk aggregation and reporting, and provides leadership true visibility into their organizational risk posture.
And finally, as we discussed in our previous post, we added to our Advanced Risk Management application the ability to tailor the risk appetite framework and configure it to an organization’s unique needs and maturity level. They can define the risk appetite including documentation of qualitative risk appetite statements, amber and red thresholds for qualitative rating, and loss expectancy – linking it to the risk taxonomy. The risk appetite breach management workflow can be digitized to help ensure subsequent actions are taken and risk is managed within the appetite – with alerts for non-adherence.
If you’d like to see these new features in action check out our YouTube playlist (register for more webinars at Live on ServiceNow), demos on Brightcove, join us at Knowledge 2023, or connect with us on the GRC/IRM community
_________________________________________________________________________________________
© 2023 ServiceNow Inc. All rights reserved. ServiceNow, the ServiceNow logo, Now, Now Platform, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.
servicenow.com
3 Comments
