Have the results of a control attestation apply to two authority documents.
03-27-2024 06:22 AM
We are looking for a way that when a control is tested the results of that test would apply to two different authority documents/policies.
For example, both PCI and HITRUST require that default passwords on network equipment be changed.
We would like to be able to send out one control attestation asking if default passwords have been changed. Then use the response to show both PCI and HITRUST are either compliant or not depending on the response from that one control.
Is there a way to do this?
Thank you,
Roger
03-29-2024 02:59 AM
Hi @Roger Grim,
Based on the control attestations, the score would be seen on the Control Objective record.
Control objectives don't talk to Authority Documents directly in ServiceNow; it will be via Citations, see below:
The compliance score will roll up through Citations to Authority Documents, see below, I have opened the citations of the control objective:
However, in terms of Policies, you can directly attach a Policy to control Objective and at the policy level you can find the score.
I have attached a Policy to a control objective having a 100% compliance score; check the policy compliance score, which rolled up from the control objective:
04-01-2024 03:10 AM
Hi @Roger Grim,
03-31-2024 09:38 AM
Hi @Roger Grim,
If the business objective you are looking for is to achieve "Test one and Satisfy Many" for control attestations, explore the new feature in IRM, "Common controls", but be informed that these will work at entity level but not at authority document level.
Anyhow, the compliance score will roll up from control to Authority document, citations, control objective, entity, policy.
If I could help you with your query, then please hit the Thumb Icon and mark as Correct.