- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-30-2023 09:56 AM
We receive a yearly assessment from our email provider with a list of ~130 controls showing whether they are implemented or not. We want to add this data into ServiceNow and create tasks for system owners to fix or explain the non-implemented controls. I am getting very confused as to the best way to do this.
My thought is to create control objectives from those 130 controls, skip attestation (since that is a given in this scenario), and then use the results as manual control indicators? If it is a failed indicator, does a ticket get created?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-01-2023 05:12 AM
Hi @SecurePete ,
Yes, you can create those Control Objectives, put it to monitor state initially. Then you can run indicators, once any indicator fails, it will create an issue, to remediate that issue you will have remediation task (Issue Management Lifecyle).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-01-2023 05:12 AM
Hi @SecurePete ,
Yes, you can create those Control Objectives, put it to monitor state initially. Then you can run indicators, once any indicator fails, it will create an issue, to remediate that issue you will have remediation task (Issue Management Lifecyle).
