Dear Community, I have below scenario for Risk Assessment and want to check your openinon - We have 2 different RAMs with same Class and currently If we perform Risk Assessment on (Risk Register R1) with Entity "Fashion" , the same (Risk Register R1)...
Can someone please guide me for the following scenario I am trying to setup . I have a control that no user should have admin rights . I am now designing an indicator for this control . This will be a manual indicator , but in supporting data i...
Hi, We did some testing to see how the answers affect Risk Statements and Control Objectives. We delete the attestations but the results are not removed from the Control Objective Compliance Score. Is there a way to reset all the scoring for Entity ...
Hi Team, I want to create a report on audit management. Client has shared us few fields which they have for audit, we have mapped those fields with the fields which we have in servicenow. Few fields belongs to engagement table and few fields belongs ...
There were some instances where the users contacted us asking to modify their responses as they misunderstood the questions or they had incorrect information at the time. Policy violation and fraudulent aside, from a technical perspective, is there a...
Hello, How can we map all IT Assets from CMDB to IRM Module in best effective way so that we can do Reporting on the Threat & Vulnerabilities associated with all IT Assets ? Do we need to create all IT Assets (CI Records) as Entity Records as a manda...
Can anyone please explain how compliance score is calculated. I'm using pdi (personal development instance) with servicenow sample data (san diego) In attached screenshot can anyone please explain why control is non compliant but control objective co...
New to ServiceNow and trying to clean up some older/stale policies. I have three records in "Awaiting Approval" state but do not show in the approval queue for the listed "Approver." How might I approach setting the records back to a Draft state t...
We are setting up GRC and using OOTB as much as possible but we have a slightly different response to our Risk Acceptance workflow. The OOTB behaviour is that the response approach of 'Accept' for a risk requires an approval from the risk owner. We w...
According to the IRM training guide Controls in the Draft, Retired or Not Applicable state are not included in the Control Objective Compliance Score Calculation. However, possible states of Controls are: draft, attest, review, monitor, retired, so N...
Hi Is it possible to set a 'target date' for an indicator template (manual), that is different from the due date populated by the defined schedule? For example, we have a compliance assessment campaign that is based on manual indicators - each with a...
Hello Experts, I have seen in the attestation level the user able to re-assign the attestation's, If the user want to Delegate the attestation tasks. How to proceed. * added delegated user in the User profile, but delegated user did receive the at...
I have a notification with the following line. Evidence Collection Instructions: ${mail_script:evidence_evidence_collection_instructions} Looking at the mail script, I have the following. Line 7 & 8 should point to the following field on the screen...
I have one list type field >> If I go and search it has to show particular group members for that I stored sys_id of that group in system property can any one help me
Hi, I cloned my Dev to the Test environment and now when I link an entity to an entity type, the entity is not getting the Downstream Controls and Downstream risk. Everything still works fine in the Dev environment before and after the clone. Anyone...
