Policy and Compliance Policy Exception flowchart

tphillips · ‎03-31-2023

Is there are flowchart for the steps of moving a Policy Exception thru creation to approval and closure?

Thank you,

Tom

Community Alums · ‎03-31-2023

Type sn_compliance_policy_exception.CONFIG in the navigator and you will see everything, including two flows.

As per the previous version, the initial 'Request Approval' is for the Requester to submit it into the process formally. Then the 'Approver' is actually the assigned_to , who is responsible for taking it through the process.

Risk Management has been de-coupled, but still exists without dependency on GRC: Risk Management.

We still see Risks associated with the Impacted Controls, and the remaining Mitigating Controls which support those risks.

There are two new areas: Verification Rule and Approval Rule

Refer to the video :https://www.youtube.com/watch?v=JcmuQypffI8

View solution in original post

Rajesh_Singh · ‎03-31-2023

@tphillips

I'm not aware of a specific flowchart for moving a policy exception through creation to approval and closure in ServiceNow GRC, but I can provide you with a general overview of the process:

Creation: A user creates a policy exception in ServiceNow GRC with reason, policy or control, and supporting documentation.
Review: The exception is reviewed by stakeholders, including policy and control owners, to determine its validity.
Approval: Approved by the relevant parties through a workflow in ServiceNow GRC.
Implementation: The exception is implemented according to the agreed-upon timeline and specifications.
Monitoring: The exception is monitored to ensure proper implementation and risk mitigation.
Closure: The exception is closed out when it is no longer necessary, with documentation and lessons learned.

If you found my response helpful or applicable, please consider marking it as correct or helpful to assist others who may be seeking the same information.

---------------
Regards,
Rajesh Singh

Community Alums · ‎03-31-2023

Hi @tphillips ,

Type sn_compliance_policy_exception.CONFIG in the navigator and you will see everything, including two flows.

As per the previous version, the initial 'Request Approval' is for the Requester to submit it into the process formally. Then the 'Approver' is actually the assigned_to , who is responsible for taking it through the process.

Risk Management has been de-coupled, but still exists without dependency on GRC: Risk Management.

We still see Risks associated with the Impacted Controls, and the remaining Mitigating Controls which support those risks.

There are two new areas: Verification Rule and Approval Rule

Refer to the video :https://www.youtube.com/watch?v=JcmuQypffI8

Manus_Bolton · ‎01-27-2025

Hi Sandeep,

Thank you for this information, do you perhaps have the link to the process guide for Policy Exception.

Regards

Manus

tphillips · ‎04-03-2023

Thank you.