Best way to gather evidence for Control?

vineethnair
Tera Contributor

‎11-30-2016 07:35 AM

Hello,

When a create an audit workbench defining the scope of the audit by including the profiles, controls, risks etc. What is the best way to ask all the control owners to ask for evidence during that point of time? I am aware of the functionality where we can generate control tests based on the test plans associated with the controls. As an organization, we are not yet mature in maintaining test plans for each and every control documented within service now. Is there a functionality to generate attestation survey in bulk to all the control owners ? Similarly to the "Attest" button functionality available on the Controls.

Thanks.

0 Helpfuls
  • 2,256 Views
13 REPLIES 13

Syra Arif
ServiceNow Employee
ServiceNow Employee

‎04-18-2017 08:10 AM

Hi Vineeth - you can create an attestation under 'administration - attestation types'. This can then to be tied to controls in order to execute an attestation survey that covers many controls at once. However - regarding your ask to 'gather evidence', this may best be achieved using Indicators (either basic for automated evidence gathering) or manual to kick off tasks to individuals to gather evidence in a scheduled manner.



find_real_file.png


Preview file
20 KB

cbryant
Mega Contributor
In response to Syra Arif

‎04-18-2017 08:54 AM

If you want to capture it manually, do you just need to define the frequency and what the expected test results would be to determine the control status?  


0 Helpfuls

Syra Arif
ServiceNow Employee
ServiceNow Employee
In response to cbryant

‎04-18-2017 09:02 AM

Yes that is correct.



Please take a look at indicator information here: https://docs.servicenow.com/bundle/istanbul-it-business-management/page/product/grc-indicators/reference/continuous-monitoring.html (note this is for Istanbul)



--



Syra Arif | Security Solutions Architect


ServiceNow - Transform IT


(m) 440-212-6291


www.servicenow.com<applewebdata://7892E6AE-10FF-4BAC-ADDE-497EEC8EC62E/www.servicenow.com>


Follow us: Facebook<https://www.facebook.com/servicenow> | Twitter<https://twitter.com/servicenow> | LinkedIn<https://www.linkedin.com/company/servicenow> | Google+<https://plus.google.com/115488537275748680936/posts> | ServiceNow Community<https://community.servicenow.com/welcome>


cbryant
Mega Contributor
In response to Syra Arif

‎04-18-2017 09:24 AM

Thank you



Very Respectfully,




Chris Bryant



Security Compliance Program Manager





cbryant@bluelock.com<mailto:cbryant@bluelock.com>



office 888.402.BLUE (2583) ext 115



bluelock.com





This message (including any attachments) may contain confidential information intended for a specific individual and purpose, and is protected by law. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited.


Preview file
1 KB
Preview file
6 KB
Preview file
5 KB
0 Helpfuls