I understand that when entering an individual control the Control Frequency field represents how often the control needs to be attested. If that's the case, then where do you document how frequent the control needs to be executed? I think it is very ...
We have a requirement to have a workflow to check applicability, approvals, reviewers. on authority document record. Is it recommended to have that workflow created? Any rcommendations?
How ServiceNow attaching controls on Mitigating Controls related list on policy exception record in GRC.
Hi Folks, I am new to using Policy Acknowledgements, but I am trying to figure out how to design an acknowledgement that is dynamic and "catches" new employees that meet certain criteria. For instance, for any employee where department is "IT", or i...
How can I change the Name and Reference of the Control Objective if the policy associated with it is beyond Draft state?
When creating controls through the default GRC framework in ServiceNow, newly generated controls appear in the published state instead of draft, despite no customisations to the process. Analysis of the environment showsNo dictionary-level overrides ...
There are two oob fields available on Authority document- Approver and reviewer but there is no workflow defined on AD. Does any know what is the purpose of those approver and reviewer fields? Because I have a requirement to enable approvals on Autho...
We have a requirement to enable option to check applicability of a regulation and then it goes to two level approvals on authority document record. To achieve that we are thinking to create a custom workflow, is it recommended to have that workflow c...
Hello Everyone,I have created a database view for joining Business application(cmdb_ci_business_app), Plan(sn_bcp_plan) reference field to business application, Event(sn_recovery_event) reference field to business application. Here the business appli...
I have a fresh copy of Xanadu for my PDI. I wanted to play with the Approval rule and created a new Policy. There is no reviewer field on the form and not found when I use Form Designer. I cannot move the Policy Out of Draft state, when I submit f...
I have a requirement suppose there is a new regulation coming for an organization and need to create new control objective and also new controls in an organization. Where is the that step in the control lifecycle where control owner needs to set up/c...
Hi there,I need clarification regarding GRC Business User Lite activities in relation to Advanced Risk Assessment.For one of our clients who is currently on the Xandu version (with no immediate upgrade planned), we want to confirm:Can a user with the...
I have a requirement on the due date of responding to attestation, if control owner/ respondent want to revise the due date of attestation how can he do that ? Because due date is coming from the attestation selected at control objective which is sam...
Hi All,I am facing two issues when using the "Set Component Value (Custom UI)" test step in ATF:When selecting assessment metric values, the component displays duplicate assessment metrics.While running the ATF, it throws the error: "assessment metr...
Hey all- my GRC team is publishing their Policy & Compliance documents into multiple categories under the GRC Knowledge Base. They have some categories that are suitable for public consumption (snc_internal) and others that need restricting for grc ...
