How is your Service Portal policy exception form configured?

T_O_1
Tera Contributor

Hello, 

 

I'm curious to know how your company uses the Policy Exception form within the Service Portal. Currently ours is shown below and we feel this is too much for the requesters to know and understand (control objective, policies, etc.). We have our policies listed on our Service Portal, but we have over 60 policies and standards and it is difficult for employees to figure out what policy/standard and control objective for their policy exception. 

 

I would like to know if anyone has any suggestions or constructive criticism on what we can do to make this form better/easier for the end users, or what works for your company.

 

 

Thanks,

Tyler

2 REPLIES 2

Ahmed Drar
Tera Guru
Tera Guru

Hello Tyler,

Suppose you feel this is too much for the requesters to know and understand. In that case, You can enable your end users to search on multiple columns and show knowledge articles explaining the process to make the user journey easier. 

If this doesn't work. then

the policy exception form is nothing but a record producer, so you can add or remove as many fields as you want. however, still, your end user needs to answer those basic questions:
1- what is this exception for?
2- how long it is valid?
3- what is the reason and justification for the exception?

If end users don't provide that information up front, the exception request should remain in a new state. An analyst needs to look at the exception  and answers those basic questions on behalf of the end user and based on the data provided.

 

I hope this helps.

Ahmed

Please mark my answer as Correct / Helpful based on the Impact.

 

Zind
Tera Contributor

Things to consider if end users are not familiar with all polices, controls objectives, etc.

Hide the Policy Exception from the ServiceNow Catalog section until there is an acceptable maturity level not only from end users but from the Compliance Manager.  Users can always navigate to it via the  menu but at least is hidden from the Catalog.

Questions to consider:

Does your company have its own Policy Exception process and reporting at the Enterprise level? Instead of the end users, the Compliance Manager can leverage from this form by creating an intake process.

Are your end users knowledgeable to use this form? Might need training, etc. Start small. Analyze if every policy x entities will need an exception.

Is the Policy Exception integrated to other applications?  Example:  Vulnerability tool

 

Hope this is helpful.