How to configure approvals on [grc_policy] table

shallumittal
Tera Contributor

Good Morning All,

 

I have a requirement to configure Approval workflow on grc policies [grc_policy]

 

For this, I have designed a workflow and used the approval_user activity. Also, added the Approval related list into the [grc_policy]. But when I execute the workflow, approval table is showing as "No data to display" and in the Workflow Active Context, its showing as "Executing". So, to achieve this I have created a relationship between [grc_policy] (as  [grc_policy] is non-task table) and the [sysapproval_approval] table and this resolved my issue.

 

Query: Is there any another way or OOB functionality to achieve this ? Is this the right approach ?

 

Any suggestion would be very helpful

1 ACCEPTED SOLUTION

Shiva Thomas
Kilo Sage

Hi Shallumittal,

The current version of GRC already has an approval workflow set for Policies.

Here is the current out-of-the-box Policy Management Lifecycle:

  1. Policies are created in the Draft state (default)
    compliance_user or compliance_manager can create a Policy
    The same roles can move the Policy into Review
  2. While in Review state, reviewers can either send the Policy approval back to draft or forward it by requesting approval.
    The policy can only be moved from Review into the next state by one of the named Reviewers
  3. While a Policy is Awaiting Approval, Approvers receive a ServiceNow Approval task
    If there are no approvers listed on the Policy, it will go straight to Published
    ➡️ If there are approvers listed, then they will receive notification of an approval request ⬅️
  4. Once all Approvals are received, the Policy is Published and a Knowledge Article is created in the GRC Knowledge base
  5. Retired, when the Policy is no longer relevant.

find_real_file.png

Should you want to bypass this completely (not recommended), you could use KB Management processes to set a lifecycle for your KB Articles with another approval stage: Knowledge Management setup guide for admins


Best regards from Switzerland
Shiva :¬,

If this reply assisted you, please consider marking it 👍Helpful or Correct.
This enables other customers to learn from your thread.

 

View solution in original post

4 REPLIES 4

Shiva Thomas
Kilo Sage

Hi Shallumittal,

The current version of GRC already has an approval workflow set for Policies.

Here is the current out-of-the-box Policy Management Lifecycle:

  1. Policies are created in the Draft state (default)
    compliance_user or compliance_manager can create a Policy
    The same roles can move the Policy into Review
  2. While in Review state, reviewers can either send the Policy approval back to draft or forward it by requesting approval.
    The policy can only be moved from Review into the next state by one of the named Reviewers
  3. While a Policy is Awaiting Approval, Approvers receive a ServiceNow Approval task
    If there are no approvers listed on the Policy, it will go straight to Published
    ➡️ If there are approvers listed, then they will receive notification of an approval request ⬅️
  4. Once all Approvals are received, the Policy is Published and a Knowledge Article is created in the GRC Knowledge base
  5. Retired, when the Policy is no longer relevant.

find_real_file.png

Should you want to bypass this completely (not recommended), you could use KB Management processes to set a lifecycle for your KB Articles with another approval stage: Knowledge Management setup guide for admins


Best regards from Switzerland
Shiva :¬,

If this reply assisted you, please consider marking it 👍Helpful or Correct.
This enables other customers to learn from your thread.

 

One thing that I've noticed. Everything that you've stated is true except that the approvers receive a notification of the approval task. There aren't currently any notifications that are triggered to send notifications from the sn_compliance_policy table. I've attempted to draft a notification with the condition to only include records that derive from that source table. Because it is not a task-extended table, i've had no luck in doing this. If anyone has any suggestions, please assist.

Hi Tim,

Both you and Shiva are right. Shiva mentioned 'approval tasks' in #3, not approval notifications. Approval tasks are the approval records that approvers approve or reject. You are also right to say approval notifications are not OOB in sn_compliance_policy table. I believe this is because they don't want to spam approvers with emails. You can create your own approval notifications either by using Flow Designer or just a notification. I would suggest you go for the second one because best practice dictates we should have the email body outside of the workflow (so that if you change the email format, you don't have to modify/migrate the workflow as well). Here's how to do it:

-change your scope to GRC: Policy and Compliance Management

-create an email notification in System Notification->Email->Notification. Make sure in the new notification:

-Send when is 'Record inserted or updated'

-Updated is ticked

-Condition is State Changes to Awaiting approval

-test it by moving any policy to Awaiting approval state

Regards,

Dexter

Hi dexter,

The above condition worked for awaiting approval.

 

I need input on read for review. i mean when it is moved to review we need to notification.

as i used same condition "state changes to review". still no email notification.

i need send notification to reviewers also?

Please some help on this highly appreciated. 

 

Best,

Sri