Hi All, We are trying to implementing Due Diligence(DDR) in GRC Vendor Risk Management, as part of the DDR process the internal team can also assess the Vendor Risk Assessment with the help of below OOB system Property.//Start Allow TPR assessors to...
Hi All, We have created a "integration registry" for policy exception on change request table as below. When we care clicking on policy exception UI action a pop up will be shown as below which will have 3 questions which are configured in Assessment...
Hello community,we have this issue on the customer's TEST instance.Popup window/Preview does not open for the sn_grc.business_user_lite role on the Indicator Task form.It works fine for me as an admin, it works fine for the sn_grc.business_user role ...
HiIn ServiceNow Security Center, There is a Best Practices tab included in it. I am looking to get that tab on my instance security center to follow the best practices mentioned in it. I need to know, where to start, and is there any plugins/applicat...
The Risk Identification record keeps on being created in State = 'Information gathering' when the Entity.Owner is filled up. If the created Entity from the flow has no Owner field filled in, the record is set to 'New' State as intended There is noth...
Hi, Does anyone know if there is a document which maps ServiceNow features/properties to the NIST 800-53B control set? Thanks,Declan
I have created a grouped attestation with same response. Now, I need to change it to different response type. How can i change the existing group atttestation? OR is there a way that we can ungroup the attestation and the create a fresh a grouped att...
I need to setup an Evidence request feature in GRC Audit management.
Scope: GRC: Policy and Compliance ManagementTable: Policy [sn_compliance_policy]Field: Type [type] The Type field is an inherited reference dropdown field from the Parent table "Document" [sn_grc_document]. It references "GRC Choices" [sn_grc_choice...
can we change the scheduler for a risk assessment methodology, as in business days instead of calendar one's?like the overdue days, we just mention the number and it works based on calendar days . can we update to business days
There are many documents that need to be requested from each vendor. To enable this, document request templates need to be designed. I am familiar with the fact that there is a specific question structure that needs to be followed when designing docu...
Hi Team,I am using coalesce true on this field which has source script, if sys_id matches with target table reference field sys_id it should Update it, which is not happening. can you help me in this?
Hello community,I have a requirement from a customer to create a new choice for the Result field on the Indicator Task table.I created a new choice on the sys_choice table so now I have these three choices (they also wanted to change the label):And m...
Hi Everyone, Let's consider a scenario where we have a parent entity A with child entities B and C. Let's also consider that we have 5 controls for each of these entities. If I open up the record for entity A, my understanding is that the compliance ...
Where in the configuration does the residual risk calculation take into account any non-compliant controls? My assumption is that the residual risk score should automatically be lowered if there is an associated non-compliant control.
