05-31-2023 11:15 AM
What are the reasons behind ServiceNow only allowing for one Risk Assessment Instance to be attached to a Mitigation?
Has anyone added more than one Risk Assessment Instance to a Risk Mitigation?
If so, how has that been done?
We currently have cases where the Mitigation could apply to more than one Risk Assessment Instance, but we can only link one Risk Assessment Instance to a Mitigation.

05-31-2023 12:49 PM
The reasoning behind this design choice likely has to do with ensuring clarity, reducing complexity, and maintaining a clear line of responsibility and accountability.
Each Risk Assessment in ServiceNow GRC is designed to represent a unique risk scenario. Mitigations, then, are actions taken to manage, reduce, or eliminate that specific risk. By linking one Mitigation to one Risk Assessment, it becomes clearer who is responsible for the mitigation action and how effective that action is in managing the associated risk.
That said, it's worth noting that one mitigation could conceptually apply to multiple risks or Risk Assessments, as you've described. However, the system is designed to track these on an individual basis to maintain that clarity and accountability.
If you have a situation where a single mitigation applies to multiple Risk Assessments, it may be more a matter of process management than system configuration. You might need to duplicate the mitigation for each Risk Assessment it applies to. While this might seem redundant, it allows you to track the effectiveness of that mitigation for each risk individually.
If you want to adjust the system configuration to allow one mitigation to be linked with multiple Risk Assessments, you may want to consider customization
---------------
Regards,
Rajesh Singh
