GRC forum

Why the font of subject and body of the notification is different here?

Hi Team,Why the font of subject and body of the notification is different here? I am using email script to populate the body and subject.Thanks

Similar to Audi Report Template, can we have custom template for Policy Exception /Risk Assessment

In Audit Management, there is a feature that we can customize the Audit Report Template (Bring our own cover page with logos, internal pages to be popualted from audit findings and related tables). Similarly, how can we incorporate the template for ...

"Submit for Review" Business Impact Analysis

Documentation seems to be limited but what does "Submit for Review" do on a Business Impact Analysis. Nothing seems to happen when I click it. My guess is that it's supposed to be a trigger for a notification to the BCM Lead, alerting them to review ...

When are the items in the risk table set to values?

Hi, everyone.What are the timing and conditions for the following three items in the risk table to have values?・Inherent score[score]・Residual score[residual_score]・Caluculated score[calculated_score] An assessment is made, an evaluation is performed...

Exclusion List Auditing: Activating and Deactivating Auditing for Specific Tables or Fields

In a standard out-of-the-box ServiceNow instance, the system comes pre-configured to audit certain tables and fields. However, there may be times when you need to turn off auditing for specific tables or fields, or conversely, enable auditing where i...

Concerns or pre-requisite steps before creating a new entity type and entities in GRC

Hi, Are there any concerns or precautionary steps to be taken before creating a new entity type in an established GRC setup?If yes, what are they?If no, can this be done directly in a production environment or should it go through a user story develo...

Configure list layout of reference field when clicked on it in workspace

Hi community, I have a requirement to change the list layout of reference list when clicked on it in workspace. In compliance workspace, when i am trying to create a Risk and select Risk Statement, I want to change the fields that are displayed in p...

GRC relation with CMDB

How the GRC have dependency in CMDB. If we importing CMDB manually in ServiceNow so what fields we should keep in our data that can be used in GRC in future. As CMDB will manually handled so we want know is there any field level relationship with GRC...

How to get Advanced Risk to dynamically calculate current risk score

When using Advanced Risk Assessments, it seems the 'Residual risk' score remains fixed at the value it was last assessed at. When related controls change from compliant to non-compliant (or vice versa) the residual score is never updated. In the ex...

Risk Scoring Recommendations (Third-party Risk Management)

ServiceNow TPRM provides configuration options for setting up risk rating scales and scoring. 1. What are the implications if the risk rating scale and scoring are not set up at all?2. How would you define third-party risk area criteria (mandatory fo...

How Inherent ALE and Residual ALE is calculated in an Advanced Risk

Hi All,I completed the Inherent Assessment, Control Assessment and Residual Assessment in an Risk Assessment.After completing the Assessment, Inherent risk is '9', Control effectiveness is '2' and Residual risk is "2". As you can see in below picture...

What is the GRC licence cost for mid-sized enterprise

Assessment Approval Configuration (Third-party Risk Management)

The assessment needs to be approved before submitting to the third-party. What do you recommend as the filter condition for the assessment instance in the approval configurator? Any other options to make this happen?

Trigger a BR after all records are updated

Hello,I’m facing an issue with my Business Rule, and I’m not sure how to resolve it.Here’s the scenario:I have a questionnaire for a Risk Assessment (4 questions).When a user fills it out, it creates or updates records in the asmt_assessment_instance...

Automated Scripted Factor for Non-Compliant Controls

I have created a group factor to assess individual controls on a risk assessment. The group factor contains a manual factor (manual selection of control effectiveness) and an automated scripted factor (to check if the associated control is non-compli...

Forum Posts

Why the font of subject and body of the notification is different here?

Similar to Audi Report Template, can we have custom template for Policy Exception /Risk Assessment

"Submit for Review" Business Impact Analysis

When are the items in the risk table set to values?

Exclusion List Auditing: Activating and Deactivating Auditing for Specific Tables or Fields

Concerns or pre-requisite steps before creating a new entity type and entities in GRC

Configure list layout of reference field when clicked on it in workspace

GRC relation with CMDB

How to get Advanced Risk to dynamically calculate current risk score

Risk Scoring Recommendations (Third-party Risk Management)

How Inherent ALE and Residual ALE is calculated in an Advanced Risk

What is the GRC licence cost for mid-sized enterprise

Assessment Approval Configuration (Third-party Risk Management)

Trigger a BR after all records are updated

Automated Scripted Factor for Non-Compliant Controls

TPRM: Document Request template - How to create a ...

Query regarding svdp portal

Filter option needs to be enabled

SAE Combine Assessment Button missing in complianc...

How VTA scoring works in VRM/TPRM

Classic vs. Smart Assessments Implementation

Clarification on Usage of Category vs. Type Fields...

Error Importing Shared List in ServiceNow–UCF Inte...

Download assessment questions

How to customize reference information for assessm...

workspace list Action "new" Button display twice f...

What is the 'Category' field used for in Citations...

Vendor Management Workspace 21.1.5 – record-vertic...

Best Practice for Adding in Citations

How to change visibility for Add Related asset but...