GRC forum

Menu side is hidden

I cannot find the left-handed menu side, which I cannot identify why it is hidden. Please suggest. Thank you so much

Resolved! Control Attestation vs Continuous Controls Monitoring

Hi,From the ServiceNow documentation, I see that control attestation is to just confirm that the control is in place.However, it seems to me at times that control attestations are made to perform the same functionality of continuous controls monito...

GRC Indicator

Hi everyone,I’m curious to know if your organization is currently utilizing Governance, Risk, and Compliance (GRC) indicators within ServiceNow. If so, how are these indicators being applied in your workflows?Specifically, I’m interested in understa...

Resolved! Replacing a Risk Assessment Methodology with a new one suggestions.

Hi all, (and Jan ) ,Any suggestions for the following post publication of a RAM that is to replace existing? I'm adding a factor / text question to the group factor of the inherent assessment section of a Risk Assessment Methodology(RAM).The RAM has...

BCM -- BIA creation for a depatment

We are about to begin a Business Continuity Management (BCM) implementation for one of our clients. Below is a summary of their key requirements:The client would like to create a Business Impact Analysis (BIA) for a specific department.Within this BI...

Resolved! GRC control status not updating

Trying to sort out the workings of GRC controls.Anyone has any ideas or pointers?Perhaps I'm doing something horribly wrong here, so any help is appreciated OverviewI can't seem to get a manual Indicator to update the Control's status.When setting an...

Resolved! How is Control Issue automatically created ?

Hello, OOB, there is an Attestation 'GRC Attestation' which has as question 'Is the control implemented?', if the user answers NO to this question, the control state is changed to non-complaint and an issue is automatically created. Q1: how is the co...

How to add Multiple Risk Assessment Methodologies to a single entity?

I need to perform a task to create three risk records with single entity and three RAM's should be added to each risk record to perform assessment.Any solution ?Thanks,

IRM Issue Manager role is MIA

In Zurich - in IRM - I am looking for the role SN_GRC.Issue_Manager and its not there.What this means is that in an Issue record when trying to add an Issue Manager Group, I cannot add any because the role for issue manager is MIA. Can anyone else pl...

IRM Access - R/O access for Watch List

Hello! I have been getting stuck with an access use case. We leverage a MSP and they have a compliance team that requires read only access to issues that were identified by MSP employees. We have been adding the MSP employees to the watch list and pr...

What Function/Script Sets the Approver for a Policy Exception Extension

Hello!I've recently been asked to review how the approval is being generated for Policy Exception Extensions (and potentially change it). I know that it goes to the person in the "assigned_to" field on the Policy Exception, but what I can't find is w...

Smart Assessment Engine

Hi Everyone!In order to migrate legacy attestation to Smart Assessment, we have an OOTB Workflow - Generate smart assessments for control. This workflow is not getting triggered on updating the state of control to Attest. It's throwing an error - "Ta...

BCM module has complete button inactive for dependency assessments

I have a user who is attempting to complete their BIA. In one of their BIA's, there are no vendors to add in the dependency assessment for that particular BIA. However, the Complete button is grayed out, and they are unable to submit the BIA since ...

How to edit Declarative action 'Risk Assessment' in Regulatory Alert records in Compliance workspace

I am trying to edit list of entities which should show up when clicked on 'Risk assessment' in Regulatory Alert record in compliance workspace. Could anyone help me on how to do it, please ?I am unable find the event which declarative action 'Risk As...

How to change order of related List in BCM

Hi Folks,I need help with reordering of the related list in Business Continuity Workspace(BCM) -> Plan.I have tried updating related list on sn_bcp_plan under workspace view and reordering workspace view rules but it haven't helped.Problem is when I ...

Forum Posts

Menu side is hidden

Resolved! Control Attestation vs Continuous Controls Monitoring

GRC Indicator

Resolved! Replacing a Risk Assessment Methodology with a new one suggestions.

BCM -- BIA creation for a depatment

Resolved! GRC control status not updating

Resolved! How is Control Issue automatically created ?

How to add Multiple Risk Assessment Methodologies to a single entity?

IRM Issue Manager role is MIA

IRM Access - R/O access for Watch List

What Function/Script Sets the Approver for a Policy Exception Extension

Smart Assessment Engine

BCM module has complete button inactive for dependency assessments

How to edit Declarative action 'Risk Assessment' in Regulatory Alert records in Compliance workspace

How to change order of related List in BCM

Control Assessment and Effectiveness - Control Env...

Multiple evidence collection under Evidence Reques...

SOC Report Complementary User Entity Control Attes...

TPRM - Engagement calculation

Get proper inherent risk score using 6x6 risk matr...

Is it possible to clone the DEV instance in a Syst...

Level Wise Smart assessment

Workflow Data Fabric and GRC Indicators

GRC Module explore

Any one help me to find the risk Acceptance workfl...

Privacy - Smart assessments

Control owners should only be able to see controls...

IRM 3 states Control Attestation template Use Case

You are not entitled to use risk event as per your...

GRC risk approval best practices