- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-16-2019 04:21 AM
Hi.
I want to know about the Indicators and indicators templates inside Governance, Risk and Compliance (GRC). I know from the documentation that Indicators monitor a single control or risk and Indicator templates allow the creation of multiple indicators for similar controls or risks.
What I want to know how we can effectively used the indicators in GRC ? and why the indicators are used.
Thanks
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-17-2019 09:17 AM
Hi Syed,
Indicators can be automated (= Scripted result) or manual (= Task assigned to someone, ending with a state of Passed or Failed).
Examples of automated indicators would be check that all Servers in the CMDB are up to date, or that all LDAP passwords are less than 3 months old.
One example of manual indicator would be to ask the network admin that annual Network Penetration Test were conducted and the results attached to the task.
Indicator Results are used to trigger the creation of GRC Issues (Task to determine if some remediation is required), if a result indicates Failed or Not Passed. Assessment also can be used to achieve the same usage, but in the form of a questionnaire.
Indicator Templates can be linked to Policy Statements, or to Risk Statements, to automatically create Indicator for your Controls, or Risks.
Controls' status is also automatically calculated by the linked Indicator Results... And that may affect any linked Risks.
Risk's Calculated Risk Score is adjusted automatically by the Risk's Indicators results. There is a Indicator Failure Factor field in the Risk table that display the impact of those.
Please note that Indicators are not weighted. So, when looking at their impact on a Control or Risk they will all be considered equally. Indicators are not executed when Risks and Controls are in Retired state.
I hope this help!
∴
Best regards from Switzerland
Shiva, ServiceNow Architect and GRC Expert :¬,
If this reply assisted you, please consider marking it 👍Helpful or ✅Correct.
This enables other customers to learn from your thread.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-16-2019 04:23 AM
Hi,
here you will find some interesting Use Cases of GRC:
https://www.inry.com/insights/five-use-cases-for-servicenow-grc/
I would suggest you to watch the following video tutorial as well:
https://www.youtube.com/watch?v=uEZDEPI4MrU
If I have answered your question, please mark my response as correct so that others with the same question in the future can find it quickly and that it gets removed from the Unanswered list.
Thank you
Cheers
Alberto
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-16-2019 07:53 AM
Hi Alberto Consonni
I am also looking similar information. I have watched this video before can you point out the exact location in the video where they are creating indicators and been used in GRC module ?
Also on the other link there are two words indicators and that's it. Please read the question again. We are only interested in GRC indicators and how to use them?
Thanks
ifti
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-17-2019 09:17 AM
Hi Syed,
Indicators can be automated (= Scripted result) or manual (= Task assigned to someone, ending with a state of Passed or Failed).
Examples of automated indicators would be check that all Servers in the CMDB are up to date, or that all LDAP passwords are less than 3 months old.
One example of manual indicator would be to ask the network admin that annual Network Penetration Test were conducted and the results attached to the task.
Indicator Results are used to trigger the creation of GRC Issues (Task to determine if some remediation is required), if a result indicates Failed or Not Passed. Assessment also can be used to achieve the same usage, but in the form of a questionnaire.
Indicator Templates can be linked to Policy Statements, or to Risk Statements, to automatically create Indicator for your Controls, or Risks.
Controls' status is also automatically calculated by the linked Indicator Results... And that may affect any linked Risks.
Risk's Calculated Risk Score is adjusted automatically by the Risk's Indicators results. There is a Indicator Failure Factor field in the Risk table that display the impact of those.
Please note that Indicators are not weighted. So, when looking at their impact on a Control or Risk they will all be considered equally. Indicators are not executed when Risks and Controls are in Retired state.
I hope this help!
∴
Best regards from Switzerland
Shiva, ServiceNow Architect and GRC Expert :¬,
If this reply assisted you, please consider marking it 👍Helpful or ✅Correct.
This enables other customers to learn from your thread.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-23-2019 11:41 AM
Hi Shiva,
When you state that indicator tasks are assigned, in my world the assignment goes to the control owner. What role issues the Pass/Fail? Is that the control owner or is that a compliance manager function?
Question #2 - OoB the indicator task remains open until when? The next run or until control owner closes?
Thanks
Paula
