We have "read" Acls on the GRC tables like risk, control table based on a field and a role. Only users with a specific role and the flag set to true will have read access to risks, controls, control objectives, risk statements, entity types, entities...
Only one primary contact for each table when ever we hit on new button to create a new vendor contact it should check the primary contact check box for existing records with the same vendor name("company" backend name) , If exists it should not allow...
Hi, I'm experimenting with the new "auto-update owner" flag in Entities. Created an Entity Type, see 1st screenshot (auto-update owner activated)The Entity is created with the correct owner from the source record when Scheduled Job: GRC Profile Gener...
Hi community, I have a question about sending Vendor Risk Assessment (will call it VRA) to multiple vendors at once. I have looked through the documentation, but it does not seem to include information on what I am looking for. OOTB the VRA is sent t...
When the Updated by field shows "system" rather than a user ID, does that mean the record was imported from another system or maybe imported from Excel? Is there a way to figure out what system updated the record? The Source field is blank. Thanks ...
Hello, I am currently trying to upload from template. However the upload shows rows with errors in import set. Unfortunately I am not able to view the error messages in order to fix them Even if I select the "gear button" and get the errors tab to be...
Hi All, We are working on Advanced risk management and enabled the Risk Workspace. We have created a Risk Assessment Methodology and enabled Heatmap Configuration for it. But, when we see it on the Risk Workspace, we are not able to see any data on...
Hello Experts, I have a attestation template to use for my list of controls. While creating my controls from entity type and control objective all the controls are creating in draft stage and ready to attest . The controls are having the control ow...
Hi all,I'm new in GRC I am having hard time understanding difference between class titles ServiceNow offered last year and what's is being offered now:Last year (Orlando release time) there ServiceNow was offering the following classes: Governance, R...
Can someone explain me why is risk assessment methodologies used for ? And how does it work ? And what does it impact? Thank you for you help.
Is there a way where you can have your control objective and your control different? We want to use the control objective and create our own controls, but it seems when you tie in the control objective it automatically populates it for you and there ...
Hi, The Control/Risk fields are missing on the Assessment Instance "GRC Attestation" view, so the user wouldn't know which control the attestation is for. However, when I looked at the OoB view GRC Attestation I noticed that the fields are actually t...
Hello, I'm trying to figure out what are the GRC roles which are eligible to license 'IRM user'. Thanks a lot, Arnaud
In the domain of IT Security Risk Management, it is typical to model risks in a way that captures their impact on one - or more - of the 'classic' CIA (confidentiality integrity availability) security dimensions. As a basic example, the general risk ...
