Does anyone know the purpose of the GRC.System user account that is brought in when activating the GRC plugins? I have a client who flagged this due to it containing the platform admin role (not just the scoped GRC admin role). I can't find details a...
I have a policy with an associated control objective, control, indicator template and indicator. The indicator shows passing as the last result. What changes the status of the control itself? It shows non-compliant? Is that tied to the attestatio...
Hello, Have anyone come across requirement to policy version management ? Also The html content should be easily editable and reviewable same as in a word doc.Any pointers ?Best,Ashik
Hi team, Consider a scenario where someone has raised a policy exception with all valid values and it has been sent for approval and its waiting for the approval and in between the valid to field expires. Then if someone approves a policy exception w...
We are planning to implement GRC Policy and compliance ,I am newbie to it ,can anyone help me with some good reading docs,I have gone through community and read some articles but I am looking something more advanced.
Hello! Does anyone know of examples where a ServiceNow customer has successfully implemented Risk Management following the FAIR methodology? I know there is a RiskLens integration available to bring in additional risk data, but it seems to be supple...
Hi all, I have a choice field which has four values 'Low,medium,high,critical', as per the value selected I have to display background colour in that field.I have Configured styles accordingly but still it doesnt show the background colour. Can anyon...
I need to create a new email notification for when a policy is to expire in 1 month. Please can anyone help. I have gone to notifications, selected the table sn_compliance_policy Send when - Event is fired Not sure of the event name Condition - Vali...
Does anyone know of a 1-page architecture diagram that illustrates the security of the Vendor Risk service portal?
After we have defined an Entity Type filter, we need some guidance on Entity Scoping> Adding related Controls Objectives. Here is what I understand: 1. When a Policy is added to an Entity Type, all of the Controls Objectives from the Policy are adde...
Hi Team, I see that whenever a Policy Exception is created, within the GRC Application. - The Approval is triggered to the Control Owner and Requester's Manager. We want this default behavior to be routed to different users for approval based on the ...
Hi, What is a Profile Tier level and how do you set it? Thank you.
Hi team, I have three questions in regards to policy exception: How approval process for policy excpetion is controlled in GRC. What if I want to modify the default OOB behavior that if there is no approval rule configured instead on going to req...
Hi All, Can someone help me understand how residual score and calculated score are updated based on controls tied to risks? Is control compliance factor and risk factor used in this calculation ? Does this update even before controls are added to mit...
