Difference between authoritative sources and authority documents ??

nsethi · ‎05-24-2018

We imported the UCF(Unified Compliance Framework) a couple of years ago. We understand the procedure for UCF integration with ServiceNow has changed. Now we have 2 parallel list of auth documents( one from earlier and one from now) and do not know how to reconcile them. The older list has Authoritative sources and the newer list has authoritative documents. Should not they be the same ? What is link between these 2 if any ?

Michael Bachme1 · ‎05-24-2018

From what I understand, the new architecture uses Policy and Compliance > Compliance > Authority Documents. These have a source, see Unified Compliance Integration, which I believe is defaulted to UCF, that pulls in Shared Lists you created in Common Controls Hub.

You may already know this, but you need to have an account with CCH and contact ServiceNow support to set up the integration. In addition, you need to enable to new GRC plugins.

I hope that brings some clarification.

SeanBarrett · ‎05-25-2018

@nsethi - is the "authoritative source" module actually under the Configuration Compliance application in your left nav? This is a different app all together, and not part of the GRC application, though tightly integrated. I can explain more if you're interested, but for the purpose of UCF and pulling in content, the "authority documents" is what you still want to be looking at.

nsethi · ‎05-29-2018

Hi Sean

Thank you. It makes sense. What we are confused about is that, do we still need the IT GRC module or is that outdated and UCF changed it to Policy and Compliance module ?? Right now we have both applications ( 1. IT GRC

2. Policy and Compliance) and both have documents. We would love to simplify it. More explanation around this would do us a world of good.

Jan Spurlin · ‎05-29-2018

From the Product Docs - the Release Notes for Geneva:

All references to "IT GRC" have been eliminated, and are now simply "GRC".

https://docs.servicenow.com/bundle/geneva-release-notes/page/release-notes/business_mgmt/r_GovernanceRiskComplianceRN.html