We are fairly new to GRC and are in the process of setting up our entity framework.However, due to a recent business re-org. we need to deactivate a specific entity type and replace it with 4 new entity types that will take on the existing risks and ...
Hello! Is there a way to adjust the risk scoring so the scoring reflects what the heatmap colors are? Red on a heatmap is usually a very high risk, but the heatmap puts a risk that has a high inherent or residual risk in the red zone just because it ...
Hi Community,I noticed a weird thing with Entity Scoping (perhaps it's just me or it's a SN nuance)...1. I created an Entity Class called 'SOX Infrastructure' 2. I created an Entity Type called 'SOX Applications' and in the 'Entity Filter', I build m...
Can anyone help as to why another risk assessment has auto generated when I canceled a risk assessment. I can see there is a scheduled job which is creating this but I am trying to understand why it would do this if i have cancelled it. Is there a wa...
Hi,I have created new "engagement " and registered the observations relevant to the audit in the Observation tab.Now How can I create issues relevant to these observation and assign to a milestone ?I observed the issues can be created with reference...
We are planning to use GRC for IT and non-IT (i.e., environmental) risk and compliance. We are a single service provider with a dedicated instance, & no domain separation. Within GRC do we have the ability to restrict visibility to data that mimics...
Hi Everyone, What is the significance of creating Entity Type? I can create Entity directly and can complete the entire process. Trying to understand the need for creating Entity type?
Hi there - how do I move a 'Risk Acceptance Task' to the 'Accepted' state? Context/Info: Advanced Risk Assessment (ARA) plugin turned onAdvanced Risk done via the Risk (sn_risk_risk)After ARA done, I 'Respond' to the Risk via a Risk Acceptance TaskAf...
We recently moved to ServiceNow VRM and imported our vendor list from the previous GRC tool and a spread sheet. What didn't come across are the reassessment dates from the past GRC tool. Now I just want to go into each vendor record and manually set...
Hello, How can I change the control status to "Compliant" after closing all isues associated with the control. How it Works Today: it changes the status of the control to "Compliant" When closing just one issue Regards, Control: Issues associate...
We are in the process of deploying BCM. Trying to understand how RTO Gaps are calculated. I have created sample BIA and completed the RTO Impact and Dependency Assessments. I also have a Plan with a defined Scope, Loss Scenario and completed the ...
Hi,Looking at the Policy Exception process I was wondring if there would be a way to use policy exceptions for a specific use case.:"My policies applies to a selected scope of Systems and I want to descope one of this systems using the Exception work...
Hello We have 80 entities that are automatically created from a custom table called "u_products" using entity types. We have an integration set up to bring these products from an external system and are going to store in a different table (for busine...
Hello Experts,Can you help me to understand what is the issue and task in the vendor risk management? Any examples please?Who can create these issues and tasks?ThanksUday
When I'm doing a risk assessment, I want to move it to Attest mode so that a Risk Assessment can be created. However, when I put it into Draft and then to Attest, it does not generate the risk assessment. I do notice for the ones where it does not ...
