I am seeking additional clarification regarding Auditable Units. I understand that they can consist of combinations of different entities such as business units, products, services, and policies.
My main question concerns the concept of an Auditable Unit consisting predominantly of policies. From an IRM perspective, policies are linked to the wider control library. This means that when policies are associated with an Auditable Unit, the relevant controls should either be automatically inherited, or the control landscape should be inherited when the Auditable Unit is associated with an engagement.
Is there functionality in ServiceNow that captures this requirement?
