What is vendor issues and tasks?
Hello Experts,Can you help me to understand what is the issue and task in the vendor risk management? Any examples please?Who can create these issues and tasks?ThanksUday
Forum Posts
When I put into Attest the Risk Assessment is not created. Is it because I have to "revert to default risk score"
When I'm doing a risk assessment, I want to move it to Attest mode so that a Risk Assessment can be created. However, when I put it into Draft and then to Attest, it does not generate the risk assessment. I do notice for the ones where it does not ...
Resolved! How to add URL in email script to use it in Notification
@ankurt @Ankur Bawiskar Dear All,I'm trying to use below mention link in (var url1 = '<a href="' + gs.getProperty('instance_name')+'.service-now.com/'+'url' +'">Link</a>';) but it is not working in notification.please let me know where I'm doing mis...
How to add the users in group using schedule job
Hi Team@Ankur Bawiskar I want to add the CI system manager of manager in group like (CMDB_USER) based on CI which are available in Check result table.for this requirement i have written the code but it is not working when i add the line if (userAr...
Cancel expired assessment
Hi All, I have identified several of our Control Attestations being set to cancelled by a scheduled job. Has anyone else had issues with this OOTB behaviour - since it cancels active attestations for us if they are overdue! Thank you in advance. Ki...
Resolved! Access Reviews in P&C
Has anyone used the Policy and Compliance app for access review? In this case the entities will be users with access to x system. I did not think the P&C will be an audit tool but we are trying to maximize its features. e.g. create a Control Atte...
Resolved! Risk and Compliance workspaces
We recently upgraded to both San Diego and IRM (from GRC). In our test/dev environments, I can see the Risk and Compliance workspace portals, but not in or production. I was wondering if there is a simple spot for me to look to enable them? Thanks in...
Residual Risk and Calculated Score
Inherent risk = the amount of risk that exists in the absence of controls. In other words, before an organization implements any countermeasures at all, the risk they face is inherent risk. Residual Risk = the risk that remains after controls are acc...
How to create a reference between tables Control Objectives and Citations
Hello, I have imported content into 2 tables in ServiceNow called Control Objectives and Citations. The source data for these tables is in a csv file in case it's relevant. Each row in the Control Objectives table (screenshot 1) corresponds to severa...
UCF vs Regulatory Change Management
Hi, If a customer has UCF which allows them to get the list of regulations, and also retrieve updates to control objectives from the relevant regulations, what value would regulatory change management bring? Is it just the extra workflows to help man...
What is the purpose of approver field in Policy exception and also the use of review state in policy exception
What is the purpose of approver field in Policy exception and also the use of review state in policy exception. The approval for policy exception actually goes to the requester's manager and the control owner of the impacted control. Then what is the...
How can I trigger risk assessment initiation with scheduled jobs?
Hi, all, If anyone has the experience that the risk assessment is initiated with a risk assessment scheduler, I'd like to know how the "initiate later" option works. I configured the risk assessment scheduler. And I turned on "Initiate later" then ...
Resolved! How does ServiceNow's GRC product help for a SOC 2 audit?
Hi, We are going through a SOC 2 Audit. How does ServiceNow's GRC products help us to better position ourselves for the SOC 2 Audit? Which products within the suite are related to the SOC 2 Audit? How are other companies leveraging ServiceNow's GRC f...
Resolved! Risk Record Lifecycle and Policy Exception Management Lifecycle
Hello all, I am trying to get my hands on the Lifecycle slides for Risk Record Lifecycle and Policy Exception Lifecycle. These are in the GRC Fundamentals course book but I only have a hard copy. I cannot find them anywhere on the partner collatera...
Resolved! Entity and Entity Type changes are not recorded in Update Set
Hi, We build our entities and link them to entity types and assessment types to build Diagnostic in the Dev. Everything work fine in Dev and now we are trying to push it to Prod. We created an update set, making sure they are in the same Profile as ...
