- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-31-2023 02:22 PM
Is there are flowchart for the steps of moving a Policy Exception thru creation to approval and closure?
Thank you,
Tom
Solved! Go to Solution.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-31-2023 07:48 PM
Hi @tphillips ,
Type sn_compliance_policy_exception.CONFIG in the navigator and you will see everything, including two flows.
As per the previous version, the initial 'Request Approval' is for the Requester to submit it into the process formally. Then the 'Approver' is actually the assigned_to , who is responsible for taking it through the process.
Risk Management has been de-coupled, but still exists without dependency on GRC: Risk Management.
We still see Risks associated with the Impacted Controls, and the remaining Mitigating Controls which support those risks.
There are two new areas: Verification Rule and Approval Rule
Refer to the video :https://www.youtube.com/watch?v=JcmuQypffI8

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-31-2023 07:00 PM
I'm not aware of a specific flowchart for moving a policy exception through creation to approval and closure in ServiceNow GRC, but I can provide you with a general overview of the process:
- Creation: A user creates a policy exception in ServiceNow GRC with reason, policy or control, and supporting documentation.
- Review: The exception is reviewed by stakeholders, including policy and control owners, to determine its validity.
- Approval: Approved by the relevant parties through a workflow in ServiceNow GRC.
- Implementation: The exception is implemented according to the agreed-upon timeline and specifications.
- Monitoring: The exception is monitored to ensure proper implementation and risk mitigation.
- Closure: The exception is closed out when it is no longer necessary, with documentation and lessons learned.
---------------
Regards,
Rajesh Singh

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-31-2023 07:48 PM
Hi @tphillips ,
Type sn_compliance_policy_exception.CONFIG in the navigator and you will see everything, including two flows.
As per the previous version, the initial 'Request Approval' is for the Requester to submit it into the process formally. Then the 'Approver' is actually the assigned_to , who is responsible for taking it through the process.
Risk Management has been de-coupled, but still exists without dependency on GRC: Risk Management.
We still see Risks associated with the Impacted Controls, and the remaining Mitigating Controls which support those risks.
There are two new areas: Verification Rule and Approval Rule
Refer to the video :https://www.youtube.com/watch?v=JcmuQypffI8
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-27-2025 11:01 PM
Hi Sandeep,
Thank you for this information, do you perhaps have the link to the process guide for Policy Exception.
Regards
Manus
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-03-2023 05:27 AM
Thank you.