- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-17-2020 04:15 AM
We are planning to implement GRC Policy and compliance ,I am newbie to it ,can anyone help me with some good reading docs,I have gone through community and read some articles but I am looking something more advanced.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-17-2020 04:56 AM
There are several courses taught by instructors that provide the more indepth information about GRC. However, to get started there is a section in this forum (look at the boxes at the top) for New Customers.
Here is a link to the GRC Fundamentals class
We strongly recommend taking this before you take the implementation class. This is not about the basics of GRC, this is about how the ServiceNow application works for a customer trying to manage GRC.
This second link is to the Risk and Compliance Implementation course. We were discuss how to implement GRC and some common modifications/customizations we see.
Hope this helps.
Jan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-17-2020 04:16 AM
Thank you.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-17-2020 04:21 AM
There are some fantastic articles written by
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-17-2020 04:56 AM
There are several courses taught by instructors that provide the more indepth information about GRC. However, to get started there is a section in this forum (look at the boxes at the top) for New Customers.
Here is a link to the GRC Fundamentals class
We strongly recommend taking this before you take the implementation class. This is not about the basics of GRC, this is about how the ServiceNow application works for a customer trying to manage GRC.
This second link is to the Risk and Compliance Implementation course. We were discuss how to implement GRC and some common modifications/customizations we see.
Hope this helps.
Jan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-17-2020 05:24 AM
I am making the assumption that you are starting from the very beginning (apologies if this is not correct). Is so then it is important to remember that the solution supports the framework.
Yes its processes and workflows help guide that framework, but ultimately before you start to implement you will need to determine and agree the objective is and what the end state looks like.
If you were using a partner typically the initial phase of the project will be workshops where core requirements are unearthed, validated and refined.
So my initial questions would be:
- Do you have your referential data confirmed i.e. Organisational Hierachies?
- Are you looking to link Control Objectives to Policies? Do you know which Policies link to which Controls?
- Are those control objectives linked to external regulations?
- Are your policies going to be managed within SN?
- What format are those policies currently?
- Are your Control Objectives linked to Risks either now or in the future?
- Have you considered what access rights Compliance users will require? OOTB? Bespoke?
- Have your compliance customers defined their reporting requirements?
Sorry for all the questions, but before embarking on the technical installation, the above is essential. In 8 years of delivering GRC Platforms, clients who have implemented first, before agreeing upon a framework have spent 100-150% more on remediation or worse still simply given up.
