Compliance Score of Entity A Required to Track Compliance Score of All Downstream Controls

VM7
Tera Contributor

‎01-02-2024 03:49 PM

Hi Everyone,

 

Let's consider a scenario where we have a parent entity A with child entities B and C. 

Let's also consider that we have 5 controls for each of these entities.

 

If I open up the record for entity A, my understanding is that the compliance score field on this entity A record is displaying the compliance score based on entity A controls only, and will not factor in the compliance score of downstream controls for entity B and C. Is my understanding correct? Is there a reason why this functionality is not available out of box? It looks like if this was required by a customer, custom functionality would need to be developed to do this.

 

Thanks for your responses to my question in advance.

 

0 Helpfuls
  • 1,419 Views
6 REPLIES 6

ab_2511
Kilo Guru

‎01-02-2024 07:01 PM

Hi @VM7 ,

 

Following system property can help you to achieve your requirement without any customisations. Please review property thoroughly before activating it.

 

Name - sn_compliance.calc_empty_downstream_scores

 

Regards,

Aakash

0 Helpfuls

Siddharth9
Tera Contributor
In response to ab_2511

‎02-06-2024 01:41 AM

Is there more documentation to it than what is there in description of system property?

0 Helpfuls

Anushree Randad
ServiceNow Employee
ServiceNow Employee

‎02-06-2024 11:38 AM

Hi @VM7 @Siddharth9 @ab_2511 ,

The purpose of the property - sn_compliance.calc_empty_downstream_scores is not for compliance score calculation of entity based on all downstream controls. This property is used for following purpose:

 

Set to true to include all control objectives and entities when calculating compliant scores, even those control objectives with no directly related or downstream controls and entities with no controls.

Set to false to only include control objectives that have direct or downstream controls and entities that have controls.

 

This means, when you set this property to false, it will not consider control objectives and entities with 0%/ empty compliance score in the score rollup logic. This isn't solving the use case listed above by @VM7.

 

But we do have plans to enhance the compliance score rollup at entity level based on all downstream controls from downstream entities in addition to the directly related controls. We will be doing analysis and POC on this in the current release and plan to release in Feb 2025. If you are interested to connect and discuss and validate the use cases and the design, I would be happy to schedule a call.

 

Thanks,

Anushree, Senior Principal Product Manager

Risk Product Team, ServiceNow

Raviteja24
Tera Contributor
In response to Anushree Randad

‎07-16-2024 11:28 PM

Hi @Anushree Randad ,

 

How can downstream controls with different entities are calculated in the compliance score of an entity.

Thanks,

0 Helpfuls