In Audit Management, there is a feature that we can customize the Audit Report Template (Bring our own cover page with logos, internal pages to be popualted from audit findings and related tables). Similarly, how can we incorporate the template for ...
Documentation seems to be limited but what does "Submit for Review" do on a Business Impact Analysis. Nothing seems to happen when I click it. My guess is that it's supposed to be a trigger for a notification to the BCM Lead, alerting them to review ...
Hi, everyone.What are the timing and conditions for the following three items in the risk table to have values?・Inherent score[score]・Residual score[residual_score]・Caluculated score[calculated_score] An assessment is made, an evaluation is performed...
In a standard out-of-the-box ServiceNow instance, the system comes pre-configured to audit certain tables and fields. However, there may be times when you need to turn off auditing for specific tables or fields, or conversely, enable auditing where i...
Hi, Are there any concerns or precautionary steps to be taken before creating a new entity type in an established GRC setup?If yes, what are they?If no, can this be done directly in a production environment or should it go through a user story develo...
Hi community, I have a requirement to change the list layout of reference list when clicked on it in workspace. In compliance workspace, when i am trying to create a Risk and select Risk Statement, I want to change the fields that are displayed in p...
How the GRC have dependency in CMDB. If we importing CMDB manually in ServiceNow so what fields we should keep in our data that can be used in GRC in future. As CMDB will manually handled so we want know is there any field level relationship with GRC...
When using Advanced Risk Assessments, it seems the 'Residual risk' score remains fixed at the value it was last assessed at. When related controls change from compliant to non-compliant (or vice versa) the residual score is never updated. In the ex...
ServiceNow TPRM provides configuration options for setting up risk rating scales and scoring. 1. What are the implications if the risk rating scale and scoring are not set up at all?2. How would you define third-party risk area criteria (mandatory fo...
Hi All,I completed the Inherent Assessment, Control Assessment and Residual Assessment in an Risk Assessment.After completing the Assessment, Inherent risk is '9', Control effectiveness is '2' and Residual risk is "2". As you can see in below picture...
The assessment needs to be approved before submitting to the third-party. What do you recommend as the filter condition for the assessment instance in the approval configurator? Any other options to make this happen?
Hello,I’m facing an issue with my Business Rule, and I’m not sure how to resolve it.Here’s the scenario:I have a questionnaire for a Risk Assessment (4 questions).When a user fills it out, it creates or updates records in the asmt_assessment_instance...
I have created a group factor to assess individual controls on a risk assessment. The group factor contains a manual factor (manual selection of control effectiveness) and an automated scripted factor (to check if the associated control is non-compli...
Hi, I am at present trying to prototype automated control monitoring using Indicators.I have installed NIST CSF Usecase Accelerator. I am getting data from AWS and checking if all the AWS resources are compliant against the followingPR.DS-5 : Protect...
