There were some instances where the users contacted us asking to modify their responses as they misunderstood the questions or they had incorrect information at the time. Policy violation and fraudulent aside, from a technical perspective, is there a...
Hello, How can we map all IT Assets from CMDB to IRM Module in best effective way so that we can do Reporting on the Threat & Vulnerabilities associated with all IT Assets ? Do we need to create all IT Assets (CI Records) as Entity Records as a manda...
Can anyone please explain how compliance score is calculated. I'm using pdi (personal development instance) with servicenow sample data (san diego) In attached screenshot can anyone please explain why control is non compliant but control objective co...
New to ServiceNow and trying to clean up some older/stale policies. I have three records in "Awaiting Approval" state but do not show in the approval queue for the listed "Approver." How might I approach setting the records back to a Draft state t...
We are setting up GRC and using OOTB as much as possible but we have a slightly different response to our Risk Acceptance workflow. The OOTB behaviour is that the response approach of 'Accept' for a risk requires an approval from the risk owner. We w...
According to the IRM training guide Controls in the Draft, Retired or Not Applicable state are not included in the Control Objective Compliance Score Calculation. However, possible states of Controls are: draft, attest, review, monitor, retired, so N...
Hello Experts, I have seen in the attestation level the user able to re-assign the attestation's, If the user want to Delegate the attestation tasks. How to proceed. * added delegated user in the User profile, but delegated user did receive the at...
I have a notification with the following line. Evidence Collection Instructions: ${mail_script:evidence_evidence_collection_instructions} Looking at the mail script, I have the following. Line 7 & 8 should point to the following field on the screen...
When previewing a document template for BCM the document shown displays in Calibri font, as intended. However, when we generate PDF documents from BIAs Plans or Events the system changes the font to either Arial or times new roman. I have changed all...
Hello All, Can someone please help in providing the references for study material or Question dumps for CIS - Risk and Compliance certification? I have the eBook with me which I got during training. Thanks in Advance.
Hi all, I have a question about the new feature of the Confidentiality flag for audit and compliance records. It refers to "My tasks" in the workspace. Does that mean this feature is only available with the workspaces? Thanks. M.
We have "read" Acls on the GRC tables like risk, control table based on a field and a role. Only users with a specific role and the flag set to true will have read access to risks, controls, control objectives, risk statements, entity types, entities...
Only one primary contact for each table when ever we hit on new button to create a new vendor contact it should check the primary contact check box for existing records with the same vendor name("company" backend name) , If exists it should not allow...
Hi, I'm experimenting with the new "auto-update owner" flag in Entities. Created an Entity Type, see 1st screenshot (auto-update owner activated)The Entity is created with the correct owner from the source record when Scheduled Job: GRC Profile Gener...
Hi community, I have a question about sending Vendor Risk Assessment (will call it VRA) to multiple vendors at once. I have looked through the documentation, but it does not seem to include information on what I am looking for. OOTB the VRA is sent t...