We are in the process of deploying BCM. Trying to understand how RTO Gaps are calculated. I have created sample BIA and completed the RTO Impact and Dependency Assessments. I also have a Plan with a defined Scope, Loss Scenario and completed the ...
Hi,Looking at the Policy Exception process I was wondring if there would be a way to use policy exceptions for a specific use case.:"My policies applies to a selected scope of Systems and I want to descope one of this systems using the Exception work...
Hello We have 80 entities that are automatically created from a custom table called "u_products" using entity types. We have an integration set up to bring these products from an external system and are going to store in a different table (for busine...
Hello Experts,Can you help me to understand what is the issue and task in the vendor risk management? Any examples please?Who can create these issues and tasks?ThanksUday
When I'm doing a risk assessment, I want to move it to Attest mode so that a Risk Assessment can be created. However, when I put it into Draft and then to Attest, it does not generate the risk assessment. I do notice for the ones where it does not ...
@ankurt @Ankur Bawiskar Dear All,I'm trying to use below mention link in (var url1 = '<a href="' + gs.getProperty('instance_name')+'.service-now.com/'+'url' +'">Link</a>';) but it is not working in notification.please let me know where I'm doing mis...
Hi Team@Ankur Bawiskar I want to add the CI system manager of manager in group like (CMDB_USER) based on CI which are available in Check result table.for this requirement i have written the code but it is not working when i add the line if (userAr...
Hi All, I have identified several of our Control Attestations being set to cancelled by a scheduled job. Has anyone else had issues with this OOTB behaviour - since it cancels active attestations for us if they are overdue! Thank you in advance. Ki...
Has anyone used the Policy and Compliance app for access review? In this case the entities will be users with access to x system. I did not think the P&C will be an audit tool but we are trying to maximize its features. e.g. create a Control Atte...
We recently upgraded to both San Diego and IRM (from GRC). In our test/dev environments, I can see the Risk and Compliance workspace portals, but not in or production. I was wondering if there is a simple spot for me to look to enable them? Thanks in...
Inherent risk = the amount of risk that exists in the absence of controls. In other words, before an organization implements any countermeasures at all, the risk they face is inherent risk. Residual Risk = the risk that remains after controls are acc...
Hello, I have imported content into 2 tables in ServiceNow called Control Objectives and Citations. The source data for these tables is in a csv file in case it's relevant. Each row in the Control Objectives table (screenshot 1) corresponds to severa...
Hi, If a customer has UCF which allows them to get the list of regulations, and also retrieve updates to control objectives from the relevant regulations, what value would regulatory change management bring? Is it just the extra workflows to help man...
What is the purpose of approver field in Policy exception and also the use of review state in policy exception. The approval for policy exception actually goes to the requester's manager and the control owner of the impacted control. Then what is the...
Hi, all, If anyone has the experience that the risk assessment is initiated with a risk assessment scheduler, I'd like to know how the "initiate later" option works. I configured the risk assessment scheduler. And I turned on "Initiate later" then ...
