New to ServiceNow and trying to clean up some older/stale policies. I have three records in "Awaiting Approval" state but do not show in the approval queue for the listed "Approver." How might I approach setting the records back to a Draft state t...
We are setting up GRC and using OOTB as much as possible but we have a slightly different response to our Risk Acceptance workflow. The OOTB behaviour is that the response approach of 'Accept' for a risk requires an approval from the risk owner. We w...
According to the IRM training guide Controls in the Draft, Retired or Not Applicable state are not included in the Control Objective Compliance Score Calculation. However, possible states of Controls are: draft, attest, review, monitor, retired, so N...
Hello Experts, I have seen in the attestation level the user able to re-assign the attestation's, If the user want to Delegate the attestation tasks. How to proceed. * added delegated user in the User profile, but delegated user did receive the at...
I have a notification with the following line. Evidence Collection Instructions: ${mail_script:evidence_evidence_collection_instructions} Looking at the mail script, I have the following. Line 7 & 8 should point to the following field on the screen...
When previewing a document template for BCM the document shown displays in Calibri font, as intended. However, when we generate PDF documents from BIAs Plans or Events the system changes the font to either Arial or times new roman. I have changed all...
Hello All, Can someone please help in providing the references for study material or Question dumps for CIS - Risk and Compliance certification? I have the eBook with me which I got during training. Thanks in Advance.
Hi all, I have a question about the new feature of the Confidentiality flag for audit and compliance records. It refers to "My tasks" in the workspace. Does that mean this feature is only available with the workspaces? Thanks. M.
We have "read" Acls on the GRC tables like risk, control table based on a field and a role. Only users with a specific role and the flag set to true will have read access to risks, controls, control objectives, risk statements, entity types, entities...
Only one primary contact for each table when ever we hit on new button to create a new vendor contact it should check the primary contact check box for existing records with the same vendor name("company" backend name) , If exists it should not allow...
Hi, I'm experimenting with the new "auto-update owner" flag in Entities. Created an Entity Type, see 1st screenshot (auto-update owner activated)The Entity is created with the correct owner from the source record when Scheduled Job: GRC Profile Gener...
Hi community, I have a question about sending Vendor Risk Assessment (will call it VRA) to multiple vendors at once. I have looked through the documentation, but it does not seem to include information on what I am looking for. OOTB the VRA is sent t...
When the Updated by field shows "system" rather than a user ID, does that mean the record was imported from another system or maybe imported from Excel? Is there a way to figure out what system updated the record? The Source field is blank. Thanks ...
Hello, I am currently trying to upload from template. However the upload shows rows with errors in import set. Unfortunately I am not able to view the error messages in order to fix them Even if I select the "gear button" and get the errors tab to be...
Hi All, We are working on Advanced risk management and enabled the Risk Workspace. We have created a Risk Assessment Methodology and enabled Heatmap Configuration for it. But, when we see it on the Risk Workspace, we are not able to see any data on...
