Could someone explain why controls that got created through a control objective are in draft state to the contrary of what's mentioned in product documentation. https://docs.servicenow.com/en-US/bundle/utah-governance-risk-compliance/page/product/grc...
Hi,We have an issue where some of our indicators stopped working and a positive indicator result doesn't update the control status. There are no open issues or failed attestations related to those controls. We have many indicators and we've been upda...
Hello experts,I modified the related list of a particular form in the system by doing -right click --configure ---list layoutIs there anything else I am missing out here? Now the issue is post migrating the changes from dev to test instance, the chan...
In working with IPT's, I'm looking for a way (if) I can view the Assignment Group (and the list of corresponding IPT's identified to the Assignment Group) that I assigned the Issues to. A test bed of five Issues, all within one Assignment Group, was ...
Hi Does the type on Audit Engagement depends on the entities / control objectives to add in scope? For example, When I choose IT Audit (Type), There are a total of 26 control objectives added while when I choose Compliance Audit (Type), There are a t...
Hello, I would like to understand how your organization is handling audit documents when uploaded to Engagement and other related workpapers in ServiceNow. With us, there are 100s of attachments (doc, pdf, outlook email, spreadsheet) attached to a si...
Hello Team, @Ankur Bawiskar @Community Alums @Anil Lande we have few groups when they login in the instance it will redirect it workspace. we don't want provide them native ui access. how can we achieve that? Regards,Joy
Can I get FAQ for IRM upgrade.
Hi, I have a requirement to restrict access to GRC modules even more than what "sn_compliance.reader" and "sn_grc.business_user" roles provide OOTB. To keep things simple for now.A user should only be allowed to read records in the Policy & Exceptio...
Is it possible to register pre-created entities in authorization boundry?We are aware that the information registered in the authorization boundry of continuous authorization monitoring (CAM) is automatically bound as an entity of the control.However...
Looking to see if someone would be able to help me with this question our group has. If/when an Incident in a Resolved state is associated with a Problem would that Incidents state change to Closed after 7 days, or does the Incident stay in the Reso...
I have defined the Inherent Assessment(see the screenshot attached), created a currency field in Issue form and mapped the same field from Inherent Assessment but still it is not updating the field in issue form.Inherent risk rating is getting mapped...
When implementing CAM(continuous authorization monitoring), can an authorization boundary take the place of an entity?If I implement CAM, do I need to implement an entity?It seems that the contents of the system registered with authorization boundry ...
I have a requirement to retrieve the failed Indicator from a GRC Issue but cannot see an easy way to do this. I was looking at doing this through the Control but would love to hear if others have done this or what the easiest solution would be. Thank...
Hello, I noticed that the default CAM installation is missing several NIST 800-53 control (182 for Rev 5). Is there an update available that contains the missing controls? I downloaded the list of NIST 800-53 Rev 5 controls (csv) and counted the rec...
