Generating Controls on Vendor Risk Assessment Record
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-14-2024 09:47 PM - edited ‎02-14-2024 10:30 PM
Hi Community,
I am trying to find out ways by which Controls (based on Controls Objectives) gets created automatically and being showed under 'Control' related list on Vendor Risk Assessment Form based on the responses submitted by Vendor via Vendor Portal.
I have also checked out one m2m table called "Control Objective to Assessment Metric" where I have attached Control Objectives to Metric and also checked 'Create Controls Automatically' on control objectives, still there are no controls being created after vendor responds to that particular question.
Please help me find better ways and OOTB solutions provided by ServiceNow. Please refer to the SS to help understand my query better
Early response is much appreciated.
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-14-2024 09:56 PM
FYI @Ishaan Mishra - no screenshot attached to your post.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-14-2024 10:30 PM
Hi @Simon Hendery ,
Now Attached
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-15-2024 02:31 AM
Hi @Ishaan Mishra ,
The way the control gets generated is when you add a Entity Type to a control Objective level. that's where you check the 'Create Controls Automatically' checkbox on control objectives such that the controls gets generated automatically.
But, in terms of Vendor Risk Assessment Record, Generating Controls is not an option OOTB.
The reason why we have controls related list is when a Vendor Risk analyst reviews the results of the vendor risk assessments and closes each vendor assessment, creating issues for remediation, as necessary. When an issue is created for a particular question, a visual indicator appears in the Vendor Assessment Portal adjacent to that question.
Remediating an issue means the underlying issue causing the control failure or risk exposure will be fixed. Accepting an issue means you create an exception for a known control failure or risk. Controls that are Accepted remain in a non-compliant state until the control is reassessed. In this way, the issue can be used to document observations during audits.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-20-2024 01:50 AM
Hi @Ishaan Mishra ,
