Hello, I have been tasked with assessing the controls for ServiceNow (they are providing service to us). As a result, I need access to SOC 2 Type II (full report) and ISO 27001 documentation (including Statement of Applicability and the testing resul...
Hello, Could you please advise if there is any new ISO27001 certificate available. I only found those covering 1st Sept 17 to 30th Sept18 and ISO27001 certificate only until December 2018. I'd like to know if you're currently being audited for new on...
Hi all, Need one very quick help. Can i have multiple controls linked to 1 Policy Statement (Control Objective) which is tied to a Profile Type (Finance) and i don't check "Create controls automatically", and lastly i create controls manually, link i...
I need to create the process flow of risk management module in servicenow. Can someone help to understand the entire process?
I am planning to test the GRC part of ServiceNow on NewYork developer instance however for certain plugins it says "a fee-for subscription", is it paid plugin on developer instance as well or is it just for the production instance? For ex. GRC: Polic...
Hi All,We are in the process of setting up and configuring our CMDB within SN. One of the teams have asked if there is the functionality of storing usernames and passwords within the CMDB i.e. for particular servers. If this is possible what issu...
I'm looking for the steps/process to configure a local MID server to be able to pull down the security logs from our production instance of ServiceNow. Thank you.
I have questions related to defining the best configuration for Profiles types, etc. I believe I understand the basic concepts (create Profile types, define Profile filters, associate Policy statements, controls generate, etc. ) What is challenging ...
Based on Vendor selected in Tiering Assessment, I need to hide some questions present in assessment triggered. For more information please find the attachment
What's the purpose of the new "Content Reference" feature/Related List on the Authority Document form? Where can I find documentation on this?
Hi All, I am still in the learning phase of the GRC module. Please help me in understanding or clarifying the below - Controls have attestation and Indicators. Based on attestation response, controls are marked either compliant or non-compliant. Simi...
How to create COntrol Tests in GRC. I do not see the IT GRC -> Control Tests as given in the Madrid Docs. I believe Attestations are created to check the Control Design Effectiveness. How to check the Control Effectiveness in GRC
In preparation for my next project, I'm reading through the GRC documentation and I'm a little confused. This is what I understand it is saying:Profile type has a single reference to a profile classAny record in ServiceNow can have a profile generate...
Hello everyone, I'm working on the DEV instance (Madrid version) on GRC - Policies and Compliance for a long time. I've customized a lot of different fields, tables, labels and so on. I would like to export this work in a different instance. I would...
In the Citations table, citation names sometimes contain characters/symbols that are unreadable by JavaScript and it's causing my script that works otherwise not to work. To test this I would copy a query from the citation table where the name had a ...
