We are not currently using UCF with no immediate plans to purchase a license for integration. Unfortunately, all the GRC documentation only seems to refer to UCF and no other way to import controls. Is there a tutorial or some guidance that can be fo...
Hi Can someone please give me a better understanding of indicators, Probably a layman's explanation Are control and risk owner mandatory, are they the ones to oversee the attestation and assessment can the control owner and risk owner be the same a...
Hi All, I am a newbie to the GRC and planning to implement it. Can you please tell me what all things I need to consider for the implementation and share any implementation document with me. Basically, I am looking for a technical implementation docu...
Hello Everyone, I am looking for top 10 use cases for continuous controls monitoring (CCM) using SNOW GRC both IT and Non IT
I have a control objectives that are related to my policy that create a four layer deep relationship with other control objectives (using the parent-child) relationship. If I check the compliance of the deepest level (Child objective level 4), does ...
A client hospital wants to know if NOW Platform is HiTrust certified. I know in GRC via UCF you can get Hitrust citations, but here we are referring to the NOW Platform being HiTrust Certified like it is for SSAE18, ISO.... etc.
Hi, In New york release notes it states "Your vendor contact can upload a prefilled SIG spreadsheet or take a form-based questionnaire which gets imported to the instance. " Before NY release there was a link to download them now that there is no l...
Please guide on how to get the latest SOC 2 report
Hi Team, Is there any way to export an excel template for Risk Assessment Designer to be used for creating set of questions? Is there any way to Import a set of questions (an excel file) to Risk Assessment Designer? Your help will be much appreciated...
Hello all, In this 20 minutes tutorial, ServiceNow specialists will present a step-by-step guide to get you and your team confident and ready for implementation. They will share some best practice tips and provide resources to make sure you are all...
Are policy written from citations? Are authority document a framework can an organization have more than one framework/authority documents How is control objective related or connected with control? Please, I need a layman's explanation once UCF is a...
Hello, I want to understand how authority documents are updated in SN. I understand that once we activate the UCF plugin, it allows you to import all the documents in SN. However, when the authority documents/citations/regulations gets updated on UCF...
Hi,We have an edge encryption proxy which work on another port than the 443 due to security constraint.This configuration generate white screens because some redirection in iframe are not the same "domain:port".The glide.set_x_frame_options properti...
If I have a manual indicator frequency set (say 1st of each month), is it the 'GRC indicator nightly run' that creates the new indicator tasks when the date is correct? In our system, this job is currently not active.
We've been trying to get the GRC Attestation OOTB assessment notification firing when the control state changes to Attest. We have tried various workarounds including changing the Notify Assessment User BR to include "Attestation" and changing the O...
