Clarification on Usage of Category vs. Type Fields on Control Objectives

Go to solution
HarshC303096983
Tera Contributor

2 weeks ago

What is the difference between the Category and Type fields on the Control Objective record, and when should each be used?

 

The client is looking to clearly delineate control objectives across different domains (for example, IT, Enterprise, Privacy, etc.) within the system. They would like to understand whether ServiceNow provides a defined or recommended purpose for each of these fields and how they are intended to be used when classifying control objectives.

 

Specifically, the goal is to ensure that these fields are used consistently and meaningfully to support reporting, governance, and differentiation across control domains. 

Please do not use AI when responding, thanks. 

0 Helpfuls
  • 327 Views
1 ACCEPTED SOLUTION

Go to solution
Matthias Ferstl
Giga Guru

2 weeks ago

Hi @HarshC303096983 

 

these Categories and Types are mostly used in Frameworks like NIST or ISO27001, or other.
There are no automations or flows depending on those categories, so you CAN tailor the choices without any impact to functionalities, as they are mostly needed for filtering (as for example in reports).

 

But:
If you customer wants to implement some of the industry standards, it might be better to assign Types and Categories to Control Objectives (and use the given ones), rather than adjusting too much.
It is also recommended that you disable options rather than delete them when customizing the drop-down lists.

 

 

Please mark answers (not only mine) as helpful if they were
and "accepted solutions"This motivates others to take part, post solutions and find answers. Thanks! - Mat

View solution in original post

0 Helpfuls
1 REPLY 1

Go to solution
Matthias Ferstl
Giga Guru

2 weeks ago

Hi @HarshC303096983 

 

these Categories and Types are mostly used in Frameworks like NIST or ISO27001, or other.
There are no automations or flows depending on those categories, so you CAN tailor the choices without any impact to functionalities, as they are mostly needed for filtering (as for example in reports).

 

But:
If you customer wants to implement some of the industry standards, it might be better to assign Types and Categories to Control Objectives (and use the given ones), rather than adjusting too much.
It is also recommended that you disable options rather than delete them when customizing the drop-down lists.

 

 

Please mark answers (not only mine) as helpful if they were
and "accepted solutions"This motivates others to take part, post solutions and find answers. Thanks! - Mat
0 Helpfuls