GRC Profiles and Profile Types

jzayicek · ‎12-03-2018

We have a very large client that we are currently doing a GRC implementation for and they are asking a ton of questions on Profiles and Profile Types. Does anyone have uses cases, best practices or documentation on this topic?

Thanks

SeanBarrett · ‎12-03-2018

Hey Jon - reach out to me via email... This is a pretty open question, might be easier for us to connect on a phone call. I think I can help clear up some things for this customer.

Sean

View solution in original post

Alberto Consonn · ‎12-03-2018

Hi,

this is the best documentation to be used for your need:

Establish profile types, profile classes, and profiles

Here the Use Case section:

Domain separation in Governance, Risk, and Compliance (GRC) - Use case

Here an interesting Q&A blog:

Q&A from Best Practices: Governance, Risk, and Compliance & Common Controls Hub Webinar

Hope this will be helpful for you.

If I have answered your question, please mark my response as correct so that others with the same question in the future can find it quickly and that it gets removed from the Unanswered list.

Thanks you

Cheers
Alberto

Alberto Consonn · ‎12-04-2018

Hi,

Any update on this?

If I have answered your question, please mark my response as correct so that others with the same question in the future can find it quickly and that it gets removed from the Unanswered list.

Thanks you

Cheers
Alberto

SeanBarrett · ‎12-03-2018

Hey Jon - reach out to me via email... This is a pretty open question, might be easier for us to connect on a phone call. I think I can help clear up some things for this customer.

Sean

jing3 · ‎12-04-2018

The set up will largely depend on customer existing processes and their willingness to adapt to an integrated risk approach. If client don't have much data in CMDB or other asset data to link to in ServiceNow, then all those tiers, classes, a hierarchy may be an overkill. An example is the SOX pack, it does not use any of the profile tiers, classes and hierarchy.