I found an old post that provides information about Compliance Reports, in particular, SOC 1 TYPE 2 Report from ServiceNow https://community.servicenow.com/community?id=community_article&sys_id=350f2115dbe9a300107d5583ca9619ae I looked at the https:/...
Can you confirm what are the roles within the BCM module? For e.g. a Risk Module has Risk Admin, Risk Manager etc?
I am new to GRC:Risk Mangement , I want to set the qualitative feature to true to compute risk score in risk register . Can anyone tell me how can i do that? Also when a risk is created through risk statement and after filling the assessment question...
I have few controls for which attestations are not at all getting created. The control is already associated to the attestation. I notice this happening, when I make some changes to the attestation in our dev environment and then commit those changes...
Hello Experts, We have this flag exempt. But I am not sure what is the business use of this. I know that if issue is accepted, an exception needs to be created. But Who sets the exempt flag? What happens if exempt flag is checked? Does it not gener...
can anyone explain about below four integrations.which is better and why, what does it brings. ions
I understand that the sn_grc roles are changing in Orlando (per this post https://community.servicenow.com/community?id=community_blog&sys_id=7d07e198db4b0cdc5ed4a851ca961994)The question I have is based on the following scenario. I have two differen...
Hi All, We are in the process of implementing Risk Management and have a custom rating matrix as shown below. Depending on the Likelihood and Impact the score should be A, B, C or D. Can someone please suggest how to adjust these values in the Risk C...
We are debating whether to setup our internal Quality Manual (which contains our basic IT general controls) as a Authority Document or a Policy. Is there a reason why we couldn't\shouldn't setup as an Authority Document? Appreciate any suggestions.
hello all, We recently installed few grc modules and I am trying to figure out the hierarchy of risk levels and tables. We have some custom framework already set up and we have Risk levels 1,2,3,4 as individual tables. Do we have such hierarchy in gr...
Why we have control objective in citation. can anyone give me an example and explain
How do I delete Entities that are not related to any other record. I cannot even remove the Entity Filter in the Entity Type. We are going through a clean up effort on old data before we launch our go-live and this is the last remaining piece. Any he...
Hi, What is the purpose of GRC indicator and indicator templates? How is the indicators in Policy and Compliance related to Audit mangement indicators? Thanks.
Hi, I'm looking to move data from RSA Archer to ServiceNow. Please share any data migration experience/challenges you had experienced. Thanks, Ashraf
