Duplication of Risk Records

brandoncalero
Tera Contributor

I need a solution on how to address Duplicating Risk records.

The current build in the background prevents duplicate risks when there is the same combination of Risk Statement and Entity. 

My use case would be that we have to itemize these across a fleet, so the same risk could exist across multiple locations and they each have their own treatment plans and timelines.

Is there a way to either shut this off or add an extra field to the duplication calculation?

For example, allow duplication as long as Risk Statement and Entity and CustomField are different?

7 REPLIES

Jan Spurlin
ServiceNow Employee

Could you not create a hierarchy of risk statements?

For example - if the overall risk is a breach of security for all applications - make this the top level risk.

Then add child risk statements - Risk of security breach for Application X - and scope it by entities that represent the ships?

Jan,

So if I am understanding correctly, we would have a "baseline" Risk Statement 1, that would aggregate up all the child risk statements? And then we would parse out a child risk statement per application?

For example:

Risk Statement 1 App n

Risk Statement 1 App n+1

And then use our locations as our entities?

I can see this working but it is very tedious. We are utilizing the NIST framework as our risk statements, so that's about 100+ risk statements. Now multiply that by 300+ business applications and counting. And then when we introduce our OT assets.

Am I understanding correctly? Would we need to reassess our risks that have already been submitted to conform to this new hierarchy?

There are probably other ways to do this; this is just one option. And whether you needed to do it for all 300+ business apps would depend on whether you need to track compliance for all ships for all 300+.

Let me try and invite a few hands-on people to chime in on this:

@Community Alums @Phil Swann @Community Alums @Shiva Thomas

And if you are working with a partner - they should be able to help you with the best way to set this up in your environment.