Hello, I recall having seen a slide with the recommended implementation sequence for governance, risk and compliance based on a "maturity model" with foundation, crawl, walk, run, fly. Does anyone have this slide to share? Or similar methodology? Ki...
Hello, This is very much newbie question but what (if any) Compliance/Authority documents come with ServiceNow and the GRC module? I am especially interested in ISO27001 and PCI-DSS. David Smith
Hi everyone, can someone tell me where I can find a detailed description of the GRC Architecture. Thanks in advance!
I want to update some of the Policies that are published in the Knowledge library. However in order to be easier for the owner/approver, I want to be able to highlight the differences between the old (published version) and the new one that is up for...
If we are moving from respond state to review state after accepting or mitigating the risk response task, then after moving back from review to respond, the risk response task is not moving to "work in progress", why is that?
Hello, What are the ways to integrate ServiceNow with RSA Archer? My client has its issues management on RSA Archer but they want to leverage the continuous controls monitoring feature of ServiceNow and therefore they wish to have a centralized issue...
Hi. I want to know about the Indicators and indicators templates inside Governance, Risk and Compliance (GRC). I know from the documentation that Indicators monitor a single control or risk and Indicator templates allow the creation of multiple indic...
Hi All - I have a PDI on Tokyo instance and when I go to Service portal - My GRC --> My risk assessments, there are no records visible although I have risk assessments under assess state.I am using advanced risk and below screenshot:
We are in the process of adding our frameworks, policies and regulatory documents. Then we will parse these into citations and into control objectives. Of course many of the control objectives are looking for the same conditions, for example say th...
Can I customize ServiceNow for my product needs?I plan to hire full stack devs for this issue following this guide. Will I succeed? Have anybody had such an experience?
Does anyone have licensing requirements info pertaining to the following case: We are standing up a risk program and I was recently told that for every risk assessment sent out, my organization would need a single license for each user attesting. Thi...
In GRC: Advance Risk assessment module : how do trigger assessments ?
Hi,I was wondering if anyone knows what is the difference of creating a hierarchy of Policies (One parent policy with one or more child policies) and a hierarchy of Control Objectives (One parent Control Objective with one or more child Control Objec...
Hi All, can you please suggest how to add ACL for the Compliance Management Workspace, Based on the role user was able to see Ex:https://docs.servicenow.com/en-US/bundle/tokyo-governance-risk-compliance/page/product/grc-workspace-compliance/concept/g...
How is the recovery time achievable (RTA) being calculated? I have only known about the description of it from the docs https://docs.servicenow.com/bundle/paris-governance-risk-compliance/page/product/grc-business-continuity-management/concept/bcm-wo...
