Is there a tutorial on how to import and map controls from a file?

Go to solution
Refocused Dad
Kilo Expert

‎02-19-2020 07:22 AM

We are not currently using UCF with no immediate plans to purchase a license for integration. Unfortunately, all the GRC documentation only seems to refer to UCF and no other way to import controls. Is there a tutorial or some guidance that can be followed to setup some controls in a spreadsheet and import into GRC? I understand we'll have to create our own transform maps, unless there are some default available (which I haven't found) for GRC.

0 Helpfuls
  • 3,150 Views
1 ACCEPTED SOLUTION

Go to solution
Community Alums
Not applicable

‎02-19-2020 08:58 AM

Hi,

UCF integration is a time saver if you want to follow internal/national standards or best practices, where all maintenance is the UCF Common Controls Hub responsibility. Probably the most used are:

  • ISO/IEC 27701:2019 (242 citations)
  • ISO/IEC 27002:2013 (382 citations)
  • ISO 9001:2015 (700 citations)
  • ISO 27001-2013 (632 citations)
  • NIST SP 800-53 (1251 citations)
  • FFIEC CAT (182 citations)
  • CIS Controls (304 citations)
  • EU GDPR (708 citations)

Having previous information in consideration, for a mid-term vision I would reconsider the UCF integration in your roadmap as soon as possible to help you to get up to speed. Imagine you have previous Authority Documents, I can't imagine how hard would be to maintain to 4401 citations up to date. Probably some may become depreciated over time, some may change between versions.

How can you manage your controls if you have the chance to been using out of date statements?

For a few customers, we have imported specific national laws due to the fact they weren't available in the Common Controls Hub but that was a particular scenario. As soon as you import that information, you own it and you are responsible for their maintenance. We always advise avoiding this scenario saving you time to focus your tasks.

Answering your question, there are several ways to import these, but the easiest is to use the Load Data menu and import the spreadsheet and map to the Policy Statement table and then generate your Controls.

Have in consideration:

  • All your controls should be loaded in "Draft".
  • If you assign an "Attestation", please ensure you have "Respondents". If you add an "Owner" it will be automatically copied as one of the respondents. 
  • If you want to move to other states, you need to respect the control lifecycle e.g. provide attestation, attest and then you can move to "Monitor".
  • Respect the mandatory fields, don't forget to coalesce them.

Take a look at the following Training if you are new on this:
https://developer.servicenow.com/app.do#!/training/article/app_store_learnv2_importingdata_london_im...

If you have any doubt please let me know

Raf

View solution in original post

10 REPLIES 10

Go to solution
Sukraj Raikhraj
Kilo Sage

‎02-19-2020 07:52 AM

have you reviewed developer.servicenow.com? SN provide self tutorial on how to use transform map and import set...

Go to solution
Refocused Dad
Kilo Expert
In response to Sukraj Raikhraj

‎02-20-2020 05:52 AM

My question is not about transform maps, rather about GRC authority docs and controls. We are not currently able to use UCF integration so I'm asking about doing it manually. I am unfamiliar with the GRC tables and fields.

Go to solution
Sukraj Raikhraj
Kilo Sage
In response to Refocused Dad

‎02-20-2020 06:15 AM

Got it, still good to know if you will need to manually import the data. However look like Rafael already got it covered for you.

 

https://community.servicenow.com/community?id=community_question&sys_id=e07e0721dbdcdbc01dcaf3231f96...

Go to solution
Community Alums
Not applicable
In response to Refocused Dad

‎02-20-2020 06:15 AM

If that is your goal, the easiest is to use the Load Data menu and import the spreadsheet and map to the Policy Statement table and then generate your Controls but honestly, I do advise you to go for UCF integration. Its a must 🙂

0 Helpfuls