Resolved! Vendor tiering assessment
Is there any relation between vendor tiering assessment and vendor risk assessment. Kindly clarirify
Forum Posts
Resolved! Mail-Merge Template and Issue Record Creation Question
Hi, We are migrating from RSA Archer GRC to ServiceNow GRC and I have questions: 1. RSA Archer has a mail-merge capability, how can we create a mail-merge like formatted/structured reports in SNOW? We have been migrating from Archer to SNOW an...
Resolved! entity relationships in GRC are very confusing
Hi All, I'm trying to properly understand how everything is working with regards to entity relationships. I'm trying many different scenarios and I cannot understand the logic. reading through the documentation and going through the videos on entit...
Resolved! How can I create a multiple choice quiz question that allows users to tick all correct answers?
As required by our 27001 Information Security Management System (ISMS) accreditation, I am trying to create an Information Security Awareness quiz to test staff knowledge of our ISMS system. I am using the quiz functionality of assessments. I would...
Resolved! How can I change the control state directly from "draft" to "monitor"
Hi, We have discovered that due to an scheduled task some controls which were already attested this year were triggered by a nightly scheduled job to put the controls in attestation, We now want to cancel those attestations but also put them in monit...
Resolved! Entity Classes and Entity Class rules
Hi, I'm working on entity scoping and came across an issue. I would like to have an entity class for vendors and for Companies. but vendors are actually records within the company table as well. so I can't create a rule to map the company table to ...
Resolved! GRC.System user from GRC plugins?
Does anyone know the purpose of the GRC.System user account that is brought in when activating the GRC plugins? I have a client who flagged this due to it containing the platform admin role (not just the scoped GRC admin role). I can't find details a...
Resolved! What determines the STATUS of a control in GRC?
I have a policy with an associated control objective, control, indicator template and indicator. The indicator shows passing as the last result. What changes the status of the control itself? It shows non-compliant? Is that tied to the attestatio...
Resolved! GRC Policy Version management
Hello, Have anyone come across requirement to policy version management ? Also The html content should be easily editable and reviewable same as in a word doc.Any pointers ?Best,Ashik
Resolved! Valid to date issue
Hi team, Consider a scenario where someone has raised a policy exception with all valid values and it has been sent for approval and its waiting for the approval and in between the valid to field expires. Then if someone approves a policy exception w...
Resolved! GRC Tutorials
We are planning to implement GRC Policy and compliance ,I am newbie to it ,can anyone help me with some good reading docs,I have gone through community and read some articles but I am looking something more advanced.
Resolved! Examples of FAIR methodology implemented within SeviceNow Risk Management or Advanced Risk?
Hello! Does anyone know of examples where a ServiceNow customer has successfully implemented Risk Management following the FAIR methodology? I know there is a RiskLens integration available to bring in additional risk data, but it seems to be supple...
Resolved! Not able to add background colour for the field
Hi all, I have a choice field which has four values 'Low,medium,high,critical', as per the value selected I have to display background colour in that field.I have Configured styles accordingly but still it doesnt show the background colour. Can anyon...
Create an email notification for when a policy is due to expire in 1 month
I need to create a new email notification for when a policy is to expire in 1 month. Please can anyone help. I have gone to notifications, selected the table sn_compliance_policy Send when - Event is fired Not sure of the event name Condition - Vali...
Resolved! Security of the Vendor Risk portal
Does anyone know of a 1-page architecture diagram that illustrates the security of the Vendor Risk service portal?
