SOC 1 Type II Report
To whom it may concern, Could you please let me know where can I find the latest SOC1 Type II report? Thank you in advance. Kind regards,Sandor Molnar
Forum Posts
Resolved! Policy Acknowledgement
I am looking for a way to have employees "Acknowledge" a policy in GRC. I was thinking of simply using the "Useful" UI Macro but due I was informed that the verbiage had to state "I have read and acknowledged this policy" then the Yes / No buttons co...
GRC- Attestations that have reset to draft based on making a change to the Control
After making a change to some control objectives (classification), it has set the controls back in to draft state. How can I move these in bulk back to review and monitor state and keep frequency the same from the initial attestation date?\ Thanks
Data Models
How do I request the data models for Integrated Risk Management / GRC
Resolved! Tutorial: How to implement Policy & Compliance and Risk Management
Following the pre-implementation episode, in this 6 minutes tutorial, Shauna and Donna are back to present a step-by-step guide to get you and your team up and running with Policy & Compliance and Risk. This is a must watch to reduce your "time to va...
Resolved! What is the purpose of the Type drop-down field on the Policy form?
Can anyone share the purpose or source of the Policy Type field? It is a drop down, and I'd like to understand how the values are intended to be used.
GRC Import
I noticed a feature to import stuff from UCF; is there a way to import other data or is there predefined controls based off of the authority (NIST 800-53) since UCF database is not maintained and not cross walked to industry standards. Also, is there...
Resolved! Is there a tutorial on how to import and map controls from a file?
We are not currently using UCF with no immediate plans to purchase a license for integration. Unfortunately, all the GRC documentation only seems to refer to UCF and no other way to import controls. Is there a tutorial or some guidance that can be fo...
INDICATORS, CONTROL & RISK OWNER ( ENTITY OWNER )
Hi Can someone please give me a better understanding of indicators, Probably a layman's explanation Are control and risk owner mandatory, are they the ones to oversee the attestation and assessment can the control owner and risk owner be the same a...
Resolved! GRC Implementation
Hi All, I am a newbie to the GRC and planning to implement it. Can you please tell me what all things I need to consider for the implementation and share any implementation document with me. Basically, I am looking for a technical implementation docu...
Resolved! CCM Use Cases
Hello Everyone, I am looking for top 10 use cases for continuous controls monitoring (CCM) using SNOW GRC both IT and Non IT
Resolved! If a control objective has a child objective and you put an indicator on the child, will the compliance roll up to the parent?
I have a control objectives that are related to my policy that create a four layer deep relationship with other control objectives (using the parent-child) relationship. If I check the compliance of the deepest level (Child objective level 4), does ...
Resolved! Is ServiceNow Platform HiTrust Certified? Can someone point me to any documentation regarding this certification pls?
A client hospital wants to know if NOW Platform is HiTrust certified. I know in GRC via UCF you can get Hitrust citations, but here we are referring to the NOW Platform being HiTrust Certified like it is for SSAE18, ISO.... etc.
Resolved! From where can we download the Vendor Risk SIG Questionnaire ?
Hi, In New york release notes it states "Your vendor contact can upload a prefilled SIG spreadsheet or take a form-based questionnaire which gets imported to the instance. " Before NY release there was a link to download them now that there is no l...
Resolved! How to get the latest SOC 2 report
Please guide on how to get the latest SOC 2 report
