I am weighing an option of not relating control objectives to polices in our environment. I understand the the basis for relating is control objectives to policies may be: 1. The related control objectives provide the foundation for the policy. On...
I have sub-Prod instance which was recently upgraded to Orlando version. When trying to add a Table to new Entity Type Filter, the only option shown is None. Verified that all entitlements are available in this instance. Is there a property or anoth...
Hi Team, We are trying to use a custom scoring logic to calculate the Inherent Risk in Advanced Risk Assessment Instance. We understand it gets calculated from Impact & Likelihood factors. But tried to find out the relevant business rule but failed t...
Hi Everyone, There are two read only fields for Entity table called "Inherent Score" and "Calculated Score". Is there any out of the box way to populate these fields automatically based on the scores of all Risks associated with this Entity? Please r...
We are configuring our Risk Criteria to be able to produce the custom Risk Matrix from the image provided. We are using qualitative approach. The combination of Impact and Likelihood must result to Inherent score of Low, Moderate, High and Extreme ...
I have seen in demo videos there is a GRC Portal webpage that shows widgets for My Attestations, My Issues, My Risk Assessments and so on. How/where can I install this in my developer instance? I do not see anything in plug-ins. Thank you-
I'm a bit confused of the intended use of the "Issue Manager Group" and "Issue Manager"? The documentation says; "The group/user responsible for managing and reviewing the issue." Our interpretation of this was at first that this could be the Risk Ma...
Hi all, I see that some products have licenses based on the number of GRC users (e.g. "1,000 GRC Users Included"). I wonder what do we intend for GRC users. I understand the number of GRC users is the number of users having at at least one GRC role (...
Hi All, I have assigned sn_grc_admin to few user and seems like this role definition is "Provides administrative rights to the GRC suite of applications and modules”. Possible a user can delete record? How do i find out how capacity of this role? Tha...
Hello all: I've been struggling with how to properly categorize risk by the Risk Framework in the GRC Risk Application. I've taken the GRC Fundamentals class and the examples of Risk Framework categories were: 1. Physical and Environmental Threats ...
#grcDescription: As a Risk management process Owner, I need the COBIT 5 risk framework installed so that I have an initial risk framework to build from.Acceptance Criteria: I know this story is complete when I see the COBIT 5 Information in the Insta...
Has anyone dealt with automatically-generated audit issues (IPT, labeled as "Issue created from Group by Control Owner")? If the issues is manually generated, is this not redundant? Thanks!
We are doing a ServiceNow/Slack integration and created a scripted REST service that Slack requests from. However, these requests technically are coming from Slacks servers who use AWS. Their IP addresses are dynamic and constantly changing.Becau...
Hi Team, We are trying to integrate Servicenow with Big ID and we thought of listing out steps as below, 1. Big ID Integration (Configure Data Source(s) and pull data into Servicenow) 2. Transform and Map Big ID data to CMDB tables(Asset and Business...
Hi, I have a question about creating a risk when my control status becomes Non - compliant and an issue is created. From my understanding, when a control owner attests a control and the control status changes to 'Non - compliant' -> An issue is aut...
