Managed Documents and GRC Policy Workflow

aslager · ‎04-25-2019

Hello!

Has anyone used managed documents in the policy workflow? I am in the process of moving our policy approval process into ServiceNow GRC and am running into a few business user issues. I believe combining the functionality of Managed Documents with the GRC Policy Workflow (as seems to be contemplated in the Servicenow GRC documentation) would solve the problems.. but I'm struggling to come up with the correct order.

Currently, policy drafts are input into the policy workflow through GRC as follows:

-Policy and Compliance; Policies and Procedures; Policies; "New".

-Policy Reviewers are added and can edit the policy text in the form field, but the activity feed is not useful because all changes to the policy text field show in the activity feed as a full repast of the text and the specific change is not identified in the text making it very difficult to identify what each reviewer has changed. We're also not getting the version control and history log that I expected.

As I mentioned, it seems that using Managed Documents would fix the above identified issues--but my question becomes is there a way to mix the processes so a policy is initiated in Managed Documents, Reviewed in Managed Documents, approved through the workflow, and if approved, published as a managed document (within managed documents and the knowledge base)? Is there another way to do this?

Thanks!

Allison

jing3 · ‎04-26-2019

Hi Allison,

If I understand correctly you are trying to use the Managed Document Module to manage the life cycle of the policy as a content. The benefit of the GRC module (policy and compliance ) are stream line controls management and continuous monitoring. Taking full advantage of both GRC and Managed Document module, my thought is that one could leverage Management Document module to manage Policy Statement customization (if desired). The detailed wording of each policy statements can be fully customized and changes can be reviewed/managed under Managed Document environment. Then I would use the GRC module to assemble Policies, Standards, Procedures from Policy statements (published results from Managed Document environment). Policy publishing in GRC are mostly formatting, the contents are all from Policy statements.

View solution in original post

jing3 · ‎04-26-2019

Hi Allison,

If I understand correctly you are trying to use the Managed Document Module to manage the life cycle of the policy as a content. The benefit of the GRC module (policy and compliance ) are stream line controls management and continuous monitoring. Taking full advantage of both GRC and Managed Document module, my thought is that one could leverage Management Document module to manage Policy Statement customization (if desired). The detailed wording of each policy statements can be fully customized and changes can be reviewed/managed under Managed Document environment. Then I would use the GRC module to assemble Policies, Standards, Procedures from Policy statements (published results from Managed Document environment). Policy publishing in GRC are mostly formatting, the contents are all from Policy statements.

Katherine L · ‎12-13-2021

Hi Allison, Did you ever get an answer to this question. I'm trying to something similar. I like the simple aspects of Managed document and the way you can pinpoint who can read edit and view (internally or public), it seems to be lacking the parent child relationships in policy. I noticed a "Document Collection" function in Managed documents. Have you ever used this? Any insights would be appreciated Thank you Katherine

Zind · ‎07-01-2024

following this use case.

christophenow · ‎05-21-2025

Hello, I'm interested to know if someone implemented it finally.

Also if managed document is natively workspace compatible.

Regards,