Policy and Compliance Policy Exception flowchart

tphillips
Tera Contributor

Is there are flowchart for the steps of moving a Policy Exception thru creation to approval and closure?

 

Thank you,

Tom

1 ACCEPTED SOLUTION

Community Alums
Not applicable

Hi @tphillips ,

Type sn_compliance_policy_exception.CONFIG in the navigator and you will see everything, including two flows.

 

As per the previous version, the initial 'Request Approval' is for the Requester to submit it into the process formally. Then the 'Approver' is actually the assigned_to , who is responsible for taking it through the process.

 

Risk Management has been de-coupled, but still exists without dependency on GRC: Risk Management.

We still see Risks associated with the Impacted Controls, and the remaining Mitigating Controls which support those risks. 

There are two new areas: Verification Rule and Approval Rule

Refer to the video :https://www.youtube.com/watch?v=JcmuQypffI8

 

View solution in original post

ServiceNow #GRC #SnowExpert GRC 9 - Policy Exception | Lifecycle of Policy Exception & Apply Policy Exception into Control A policy defines an internal practice that processes must follow. Policies are defined as policies, procedures, standards, plans, checklists, frameworks, and templates ...
5 REPLIES 5

Rajesh_Singh
Kilo Sage
Kilo Sage

@tphillips 

 

I'm not aware of a specific flowchart for moving a policy exception through creation to approval and closure in ServiceNow GRC, but I can provide you with a general overview of the process:

 

  1. Creation: A user creates a policy exception in ServiceNow GRC with reason, policy or control, and supporting documentation.
  2. Review: The exception is reviewed by stakeholders, including policy and control owners, to determine its validity.
  3. Approval: Approved by the relevant parties through a workflow in ServiceNow GRC.
  4. Implementation: The exception is implemented according to the agreed-upon timeline and specifications.
  5. Monitoring: The exception is monitored to ensure proper implementation and risk mitigation.
  6. Closure: The exception is closed out when it is no longer necessary, with documentation and lessons learned.
 
If you found my response helpful or applicable, please consider marking it as correct or helpful to assist others who may be seeking the same information.

---------------
Regards,
Rajesh Singh

Community Alums
Not applicable

Hi @tphillips ,

Type sn_compliance_policy_exception.CONFIG in the navigator and you will see everything, including two flows.

 

As per the previous version, the initial 'Request Approval' is for the Requester to submit it into the process formally. Then the 'Approver' is actually the assigned_to , who is responsible for taking it through the process.

 

Risk Management has been de-coupled, but still exists without dependency on GRC: Risk Management.

We still see Risks associated with the Impacted Controls, and the remaining Mitigating Controls which support those risks. 

There are two new areas: Verification Rule and Approval Rule

Refer to the video :https://www.youtube.com/watch?v=JcmuQypffI8

 

ServiceNow #GRC #SnowExpert GRC 9 - Policy Exception | Lifecycle of Policy Exception & Apply Policy Exception into Control A policy defines an internal practice that processes must follow. Policies are defined as policies, procedures, standards, plans, checklists, frameworks, and templates ...

Hi Sandeep, 

 

Thank you for this information, do you perhaps have the link to the process guide for Policy Exception.

 

Regards

Manus

tphillips
Tera Contributor

Thank you.