GRC forum

VRM to TPRM capabilities

Hi, Looking for documentation on the capabilities that were changed/renamed, introduced, and retired as part of VRM being rebranded into TPRM

Hi All, I want to leverage the Help section in the top-right corner of the screen for my users and point them to our internal Documentation for ServiceNow IRM/GRC. I would like to have this based on the form the user is on, Issue, Policy, Engagement...

How to Transition Controls Stuck in "Attest" Phase to "Monitor"

Hello GRC Community, During a control attestation campaign, I've noticed that some attesters don't complete their assessments, which results in certain controls remaining stuck in the "Attest" phase. Is there a way (excluding Fix Script) —either via ...

Automating Risk Assessment Scope and risk creation should be based on scope created

Hi,Requirement: I want to automate the process of risk assessment scope and risk created should be making use of that scope. Currently I've configured Entity Class >> Entity type and entity filter based on business application and when the scheduled ...

Resolved! SCF Framework implementations

I am currently exploring the implementation of the Secure Controls Framework (SCF) in our organization. While conducting my research, I came across the Autorotative sources and control objectives on the official SCF website (https://securecontrolsfra...

How to configure control assessment tab table in risk assessment form

Dear Experts,Does anyone know how to add new fields in the control table in the risk assessment form (control assessment tab) as shown in the screenshot below. I have surf the community and has prompt me to edit the UI page related to this but since ...

I could not find the Vendor Portal plugin.

Dear experts, I would like to know whether this GRC Vendor Portal plugin is expired or changed its name? Because I could not find this plugin even though I type in the ID of this vendor portal. I already installed the vendor risk management plugin, a...

Configuring multiple users as assessors in assessment scheduler

Hi,I want to schedule assessments with multiple assessors. In assessment scheduler, i do not find an option to specify multiple users under assessors as in assessment scope. Can anyone please suggest how this could be done? Regds,Shanker

Policy Lifecycle Document

Hi Everyone, Can anyone provide me policy management lifecycle detailed document?Lifecycle comprises of all five stages - Draft , Review,Awaiting approval,publish , retired.How policy moves from one state to another ,which business rule gets activate...

UCF Implementation Common Controls

Is there a way to bring the "Implementation" UCF Common Controls into IRM along with the "Mandated" and "Implied" common controls?

UCF Updates

What is ServiceNow's stance on the best way to integrate updates to UCF in ServiceNow? If we have a control objective that we are actively using, and UCF remaps their common controls in a manner that removes that control objective IRM from our baseli...

Resolved! Group Factors in Advance Risk Assessment

Hi All, I've a requirement to create an assessment with the below set up,Confidentiality for regulatoryConfidentiality for FinanceConfidentiality for safety Integrity for regulatoryInventory for financeInventory for safety The same as above for avail...

Handling Phishing Scams

Hello, I am new to this forum and have only been in ServiceNow for about a half year. Where I could use help with is in the "phishing" area. We get buried in phishing e-mails almost on a daily basis. We have an e-mail address where these can be sen...

Combining Smart Assessments (combine your assessments into a single submission)

Hi! I am experimenting with the Smart Assessment feature in Xanadu. It appears that there is still a constraint that in order to combine assessments, they must all be from the same Assessment template. I do not see this specified anywhere in the docu...

GRC - Fiscal year reporting

When building a bar chart using fiscal year, the x axis doesn't display the label (.i.e. the FY). But if i change it back to Calendar year it does, Is there any way to get the Fiscal Year labels to display? Thanks

Forum Posts

VRM to TPRM capabilities

Help Menu/Section

How to Transition Controls Stuck in "Attest" Phase to "Monitor"

Automating Risk Assessment Scope and risk creation should be based on scope created

Resolved! SCF Framework implementations

How to configure control assessment tab table in risk assessment form

I could not find the Vendor Portal plugin.

Configuring multiple users as assessors in assessment scheduler

Policy Lifecycle Document

UCF Implementation Common Controls

UCF Updates

Resolved! Group Factors in Advance Risk Assessment

Handling Phishing Scams

Combining Smart Assessments (combine your assessments into a single submission)

GRC - Fiscal year reporting

risk statement Duplicate “Related Risks” displayed...

Where can I find the pop up for related list decla...

Multiple evidence collection under Evidence Reques...

SOC Report Complementary User Entity Control Attes...

TPRM - Engagement calculation

Authority documents and Citations

Can you change the orientation of a RAM's Heatmap?

Is it possible to clone the DEV instance in a Syst...

Level Wise Smart assessment

Workflow Data Fabric and GRC Indicators

GRC Module explore

Any one help me to find the risk Acceptance workfl...

Privacy - Smart assessments

Control owners should only be able to see controls...

IRM 3 states Control Attestation template Use Case