Hi community, I am a bit perplexed with respect to how the Policy Exception record/app works in ServiceNow. My GRC knowledge tells me that when a Policy Exception (PER) is requested against a Policy, a Risk Assessment would need to be conducted, but ...
I am looking to input CIS Controls into service now as an Authority document, but would like to know your views on how you would pick out the Entity Types and group them with Control Objections. I would like to have the description specific to the en...
I have request where the risk user would like to see what they have selected for a previous risk assessment. Is it possible to copy the inherent and residual answers from a previous risk assessment to the new risk assessment which has been generated ...
Hi, I have a very simple entity filter on the sys user table for a proof of concept I'm demoing. The filter conditions look for specific users in the organisation (this works and creates entities for each one). However, the owner isn't getting popula...
Are looking to quantify cyber risks in your organization while using ServiceNow IRM platform? If yes, the product team would like to connect with you and have a discussion with you. This is one of the new exciting areas for us and we are really looki...
We are fairly new to GRC and are in the process of setting up our entity framework.However, due to a recent business re-org. we need to deactivate a specific entity type and replace it with 4 new entity types that will take on the existing risks and ...
Hello! Is there a way to adjust the risk scoring so the scoring reflects what the heatmap colors are? Red on a heatmap is usually a very high risk, but the heatmap puts a risk that has a high inherent or residual risk in the red zone just because it ...
Hi Community,I noticed a weird thing with Entity Scoping (perhaps it's just me or it's a SN nuance)...1. I created an Entity Class called 'SOX Infrastructure' 2. I created an Entity Type called 'SOX Applications' and in the 'Entity Filter', I build m...
Can anyone help as to why another risk assessment has auto generated when I canceled a risk assessment. I can see there is a scheduled job which is creating this but I am trying to understand why it would do this if i have cancelled it. Is there a wa...
Hi,I have created new "engagement " and registered the observations relevant to the audit in the Observation tab.Now How can I create issues relevant to these observation and assign to a milestone ?I observed the issues can be created with reference...
We are planning to use GRC for IT and non-IT (i.e., environmental) risk and compliance. We are a single service provider with a dedicated instance, & no domain separation. Within GRC do we have the ability to restrict visibility to data that mimics...
Hi Everyone, What is the significance of creating Entity Type? I can create Entity directly and can complete the entire process. Trying to understand the need for creating Entity type?
Hi there - how do I move a 'Risk Acceptance Task' to the 'Accepted' state? Context/Info: Advanced Risk Assessment (ARA) plugin turned onAdvanced Risk done via the Risk (sn_risk_risk)After ARA done, I 'Respond' to the Risk via a Risk Acceptance TaskAf...
We recently moved to ServiceNow VRM and imported our vendor list from the previous GRC tool and a spread sheet. What didn't come across are the reassessment dates from the past GRC tool. Now I just want to go into each vendor record and manually set...
Hello, How can I change the control status to "Compliant" after closing all isues associated with the control. How it Works Today: it changes the status of the control to "Compliant" When closing just one issue Regards, Control: Issues associate...
