GRC/IRM – How to find entities and controls tied to an Authority Document?

Ya_Ga
Tera Expert

Hi All,

 

I’m trying to understand the available OOTB table relationships in GRC/IRM and have a couple of questions:

  1. How can I identify which entities are directly related to a specific Authority Document?

  2. Once I have those entities, what’s the correct way to pull the controls that are related to those entities but only from that same Authority Document?

  3. Are these relationships managed in any mapping table (I wasn't able to find any direct OOTB mapping tables), or would I need some customization to get the desired output?

Any pointers on the right tables or joins to use would be very helpful.

 

Thanks!

3 REPLIES 3

Matthias Ferstl
Kilo Guru

Hello @Ya_Ga 

 

you use case, if I got you correctly, is where "content references" come into play.
Content references ('sn_grc_content_reference' ) represent a virtual object that is linked to many m2m tables like:

- Entities to reference: sn_grc_m2m_cont_ref_profile

- Authority Documents: sn_grc_m2m_cont_ref_auth_doc

- Controls:  sn_grc_m2m_cont_ref_control

 

You can create new references, link them with one or many AutDocs, and link your controls and entities with the content references.
Your second point is a simple "filter"-problem. If you have your content references right, you can filter for controls, that have the same content reference as the entity for a specific content reference.

 

Let me know if I can help you further (and kindly mark aswers...yaddayadda, as usual 🙂 )

 

 

Please mark answers (not only mine) as helpful if they were
and "accepted solutions"This motivates others to take part, post solutions and find answers. Thanks! - Mat

Take a look at my GRC: Content Reference Automation - Share | ServiceNow Developers update set. It removes the manual effort of creating those relationships

Raf


Helpful post? Don’t forget to bookmark it, give it kudos, or mark it as the answer to help the community grow!

Rafael Cardoso
Tera Guru
Tera Guru

You should definitely take advantage of Content Reference – that’s the main reason it exists. I built something in the past to automate the relationships by adding the Authority Documents, and shared it here
GRC: Content Reference Automation - Share | ServiceNow Developers


Feel free to try it out and share your feedback so I can make it even better.

Raf


Helpful post? Don’t forget to bookmark it, give it kudos, or mark it as the answer to help the community grow!