Calculate CIA rating for a Business Service

NLG · ‎01-16-2024

How can I calculate CIA rating for a Business Service based on the Risk Assessment.

I need to use the GRC out of the box assessment Risk Assesment and calculate a CIA - confidentiality, integrity, availability score for one of the Business services.

How this CIA rating is calculated and where I can configure/see it?

Where is this stored?

How is this linked to the Business service?

Jason Biden · 3 weeks ago

@NLG we are having the same requirements, did you manage to get any solutions to your question?

Connor Levien · 3 weeks ago

@NLG there are a few ways to do that in ServiceNow. One way is using an object Risk Assessment Methodology targeting the business service table with a factor or group factor for confidentiality, integrity, availability. Once it is complete you would use a flow that copies the Risk assessment instance response (where the confidentiality, integrity, and availability calculated scores are captured) to the CIA fields on the business service table or make a database view to show them joined on without the need for new fields.

Generally though you want to do it on a business service offering not just a business service as a business service offering is an instance of the service whereas Business Service is a logical grouping/template