Resolved! Role required to view GRC attestation
Hi, What is the role required to access attestation results for a control? sn_compliance.admin doesnt let user to view attestation result. Thanks.
Forum Posts
Resolved! Policy exception workflow
Hi All I need some guidance urgently . When my policy exception record is getting expired ( valid to field expires ) , my policy exception is moving to awaiting approval . I want the policy exception record to move to closed . I have changed the P...
Authority Document, Citation, Control Objective mapping
Does ServiceNow provide any Graphical viewer of all authority document, citations and control objective? Right now the way it pull everything to CMS, it is very difficult to view everything in a single view.
Attestation Frequency
I have a few controls, where the attestation frequency is set to 'none', but after the attestation recipient completes the form, the nightly scheduled process sets it back to Attest. (Activity journal shows Administrator, System - State Attest was R...
GRC Control Attestation Delegation
Hello Experts, Has anyone came up with a solution to delegate an attestation to another person, when he/she is not available? I have checked with ServiceNow, and they confirm, they dont have that option out of box. So I wanted to check, if anyone ha...
SOC 1 Type II Report
To whom it may concern, Could you please let me know where can I find the latest SOC1 Type II report? Thank you in advance. Kind regards,Sandor Molnar
Resolved! Policy Acknowledgement
I am looking for a way to have employees "Acknowledge" a policy in GRC. I was thinking of simply using the "Useful" UI Macro but due I was informed that the verbiage had to state "I have read and acknowledged this policy" then the Yes / No buttons co...
GRC- Attestations that have reset to draft based on making a change to the Control
After making a change to some control objectives (classification), it has set the controls back in to draft state. How can I move these in bulk back to review and monitor state and keep frequency the same from the initial attestation date?\ Thanks
Data Models
How do I request the data models for Integrated Risk Management / GRC
Resolved! Tutorial: How to implement Policy & Compliance and Risk Management
Following the pre-implementation episode, in this 6 minutes tutorial, Shauna and Donna are back to present a step-by-step guide to get you and your team up and running with Policy & Compliance and Risk. This is a must watch to reduce your "time to va...
Resolved! What is the purpose of the Type drop-down field on the Policy form?
Can anyone share the purpose or source of the Policy Type field? It is a drop down, and I'd like to understand how the values are intended to be used.
GRC Import
I noticed a feature to import stuff from UCF; is there a way to import other data or is there predefined controls based off of the authority (NIST 800-53) since UCF database is not maintained and not cross walked to industry standards. Also, is there...
Resolved! Is there a tutorial on how to import and map controls from a file?
We are not currently using UCF with no immediate plans to purchase a license for integration. Unfortunately, all the GRC documentation only seems to refer to UCF and no other way to import controls. Is there a tutorial or some guidance that can be fo...
INDICATORS, CONTROL & RISK OWNER ( ENTITY OWNER )
Hi Can someone please give me a better understanding of indicators, Probably a layman's explanation Are control and risk owner mandatory, are they the ones to oversee the attestation and assessment can the control owner and risk owner be the same a...
Resolved! GRC Implementation
Hi All, I am a newbie to the GRC and planning to implement it. Can you please tell me what all things I need to consider for the implementation and share any implementation document with me. Basically, I am looking for a technical implementation docu...
