GRC Attestation

ruzbehv
Mega Guru

OOB we are seeing the attestations being sent per control per ‘Assigned To’ user. This behavior is causing a lot of overhead for our end users.

For example, if we have 20 Policy Statements with 10 Profiles this will generate 200 controls. Each of these controls will need to be attested. If we have 10 profile owners, they will be required to individually go and click “View Attestation” 20 times.

We need attestations grouped per profile rather than per control. This will save the ‘Assigned To’ user the time of having to click through multiple attestations.

Does anyone have any suggestions?

1 ACCEPTED SOLUTION

G Balaji
Kilo Guru

You could consider the following design:

The attestation questionnaire is basically metrics. You could put all the attestation questions in one attestation type where respondents will complete the attestation on one form. Further, you'll have to write script includes or business rules which will map these answers to the attestation types of the other controls, moving the respective controls to the review state with compliant status based on the answers to their respective questions.

Hope this helps.

Hi Jingping,

We are following a similar process. To your example, we can have the owner of Active Directory attest to 1 Policy statement which holds true for every system which is AD integrated. However, for systems which are not AD integrated, each Profile owner will have to attest individually.

Regards,

RV

Brian38
Giga Expert

If you are asking how the user experience when attesting to controls can be improved by grouping the attestations by profile, the use of a custom ServiceNow Service Portal can improve the UI efficiency. We designed and programmed a custom portal for one of our customers that presented all the attestations to a CI owner on a single form for each profile. This form allowed the user to attest to each control sequentially and efficiently without having to go back to "My Attestations" every time for each control. We also built in the ability for the user to 'save' each control attestation, but 'submit' the entire group of attestations at once, to allow them to edit and complete the attestations over time before submitting. This portal required design and programming using ServiceNow Service Portal tools, but resulted in an efficient and easier-to-use experience for the end user than the current OOB functionality.

Hi Brian,

This is very similar to what we had in mind. Are we able to connect to discuss this further?

Regards,

RV.

Hi Brian,

This is interesting!

But if the user has many attestations to complete, say 50 or more, and he submits all 50 attestations together in a single click, it would also result in performance issues, right? OOB, this results in non-compliance, and if all 50 are non-compliant, it creates 50 issues as well.

How did you handle this ?

Thanks,
Ashik

Pallavi Gadepal
ServiceNow Employee

Ruzbehv,

Thank you for your valuable feedback. It would help us to help you better if you could please file this as an enhancement request in HI.

https://hi-service-now.com. You will need a HI account for this.

This will enable us to communicate with you directly as well and allow the roundtrip conversation about when it might be prioritized or further information.

As Anushree suggested earlier, this request is under consideration.

Pallavi.