GRC - Application customization

swayam1

Hello Everyone,

I am pretty new to the ServiceNow GRC platform. I am trying my hand at the developer instance by installing plugins such as Audit, Policy and Compliance, and UCF.

My questions are both technical as well as functional.

Functional Questions

1. The Policy Statements get auto-converted to Controls for each Profile under a Profile Type. This is with the assumption that the Common Controls from the UCF library are used. Once these controls are applied to individual Profiles, how would the self-assessment for these controls happen? I mean, is there any option for the control owners to select a control and do a self-assessment? Or is it just that the asset (profile) owner goes to the Profile record, clicks on the Control Test tab, creates a Control Test record and does a self-assessment?

2. How does Internal and External Audit happen on those controls?

3. Is there an option to do focused assessments (SOX or PCI or GLBA) on a set of scoped applications/assets? For example, the SOX ITGC test gets conducted every year for a bunch of scoped applications. How would ServiceNow approach that?

Technical Questions

1. I am trying to update/alter the modules such as Citations, Policy Statements, Controls, etc. by going into Form Designer mode. However, there is no option to edit any of the fields on the form. The entire form is frozen. Is it because of the Developer Instance?

2. How do I get to know the logic behind deriving the Compliance scope? It's a range of numbers that get derived based on a variety of parameters. As the Form Designer is not allowing me to update or check any back-end configuration, I was wondering how I get to know the overall logic of calculating those scores.

If I could get some help then that would be great! 🙂

Regards,

Swayam



swayam1

Hi Richard,

Thanks a lot for your response. I am using the System Admin role for the sandbox environment.

"2. How do I get to know the logic behind deriving the Compliance scope? It's a range of numbers that get derived based on a variety of parameters. As the Form Designer is not allowing me to update or check any back-end configuration, I was wondering how I get to know the overall logic of calculating those scores."

I had a typo here. What I wanted to ask was, how do I figure out the logic behind "Compliance Score"? Not Compliance Scope. 🙂


Regards,

Swayam

Ahhhhh, ok. Now I'm with you.


1) As above, are you in the right scope?

2) Official definition:

Compliance Score Percentage: The compliance score percentage assigned to this policy statement.

What that means in real terms is the overall percentage of all indicators that roll up to that Policy Statement that have passed their latest iteration of their regular compliance test.


Thanks

R
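The roll-up described in the reply above, as an added illustration in plain JavaScript; this is not ServiceNow's own scoring code (that lives in the platform's scripts and is not reproduced on this page). The indicator records, their field names (`indicator`, `executedAt`, `passed`) and the result history are constructed sample data. The point the example makes explicit is the "latest iteration" rule: each indicator contributes exactly one vote, taken from its most recent test result, and an indicator that has never been tested counts as not passed.

```javascript
// Added illustration (not ServiceNow code): compute a policy statement's
// compliance score percentage as the share of indicators rolling up to the
// statement whose LATEST test result passed.
// Indicator result records below are constructed sample data.

const sampleIndicatorResults = [
  // { indicator, executedAt (ISO date, YYYY-MM-DD), passed }
  { indicator: 'IND-001', executedAt: '2023-01-10', passed: false },
  { indicator: 'IND-001', executedAt: '2023-02-10', passed: true },  // latest: pass
  { indicator: 'IND-002', executedAt: '2023-02-01', passed: true },
  { indicator: 'IND-002', executedAt: '2023-02-15', passed: false }, // latest: fail
  { indicator: 'IND-003', executedAt: '2023-01-20', passed: true },  // latest: pass
  { indicator: 'IND-004', executedAt: '2023-02-20', passed: true },  // latest: pass
];

// Keep only the most recent result per indicator. ISO dates compare
// correctly as strings, so no Date parsing is needed for the sample data.
function latestResultPerIndicator(results) {
  const latest = new Map();
  for (const r of results) {
    const prev = latest.get(r.indicator);
    if (!prev || r.executedAt > prev.executedAt) {
      latest.set(r.indicator, r);
    }
  }
  return latest;
}

// Compliance score: percentage (two decimals) of indicators whose latest
// result passed. `indicatorIds` is the full set of indicators rolling up
// to the policy statement; when omitted, every indicator seen in the
// results is used. Returns null when there is nothing to score, and an
// indicator with no result at all counts as not passed.
function complianceScore(results, indicatorIds) {
  const latest = latestResultPerIndicator(results);
  const ids = indicatorIds || [...latest.keys()];
  if (ids.length === 0) return null;
  let passed = 0;
  for (const id of ids) {
    const r = latest.get(id);
    if (r && r.passed) passed += 1;
  }
  return Math.round((passed / ids.length) * 10000) / 100;
}

// Example run: 3 of the 4 sampled indicators pass their latest test.
console.log(complianceScore(sampleIndicatorResults)); // 75
```

Passing the explicit indicator list matters in practice: an indicator that was assigned to the statement but never executed would otherwise be invisible to the score, so a score computed only from existing results can look healthier than the statement actually is.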

Thanks Richard!