Policy Exception Extensions - Question on max duration

Go to solution
Joe Macleod
Tera Contributor

‎10-22-2024 05:29 AM

Hello SN Community, I am looking to understand why Policy Exception Extensions are defined on the "Valid From" date rather than the "Valid To" date. For example we've set the System property Max duration at 365 days, and the other GRC Property of Max Extensions allowed as 5. We were running with the assumption the logic would allow us to set a PE up for 365 days, then extend for another 365 days up to 5 times, for a maximum of 5 years. Based on our testing, it looks like the PE would need to have a Max duration of 1825 Days (5 years x 365) and we'd need to manually restrict our analysts into putting 1 year at a time, although with this design, there does not seem to be any way to restrict the time of the exception (per extension) so technically speaking an analyst could then set a PE for 5 years (max duration) which is against our approved design. I am just looking to understand if this is a conscious design choice and I am missing something, or if there is any way to set the "Max Duration" eg. Total duration with extensions to a fixed time, lets say 5 years, but have the default & extension durations listed as separate data points, in order to define a matrix on the total time based on extensions? Any Policy & Compliance Experts - would love to hear your experience and reasoning for this design, in order to take it back to business. Thanks!
0 Helpfuls
  • 1,119 Views
1 ACCEPTED SOLUTION

Go to solution
Anushree Randad
ServiceNow Employee
ServiceNow Employee

‎10-28-2024 11:42 AM - edited ‎10-28-2024 11:44 AM

Hi @Joe Macklin ,

Great question and feedback. The property - 'Default duration for which a policy exception can be requested (days)' provides default max duration for all exceptions but this can be set with separate values at each policy level which determines the total duration the exception can be open for that specific policy, including extensions so that it doesn't extend the total length allowed for the exceptions. This was based on the feedback we received from customers. They didn't want to encourage longer duration exceptions or multiple extensions, which will increase the duration of exception beyond reasonable time. So we provided the property which will set the limit to number of extensions but at the same time it won't go beyond total allowable duration. But if you think there is a need for duration of extension separate from the default policy exception duration, then please post this as an idea on idea portal and we can evaluate if there are other customers asking for the same and accordingly add it our roadmap. 

 

Thanks,

Anushree

Product Management, Risk BU

ServiceNow

View solution in original post

0 Helpfuls
1 REPLY 1

Go to solution
Anushree Randad
ServiceNow Employee
ServiceNow Employee

‎10-28-2024 11:42 AM - edited ‎10-28-2024 11:44 AM

Hi @Joe Macklin ,

Great question and feedback. The property - 'Default duration for which a policy exception can be requested (days)' provides default max duration for all exceptions but this can be set with separate values at each policy level which determines the total duration the exception can be open for that specific policy, including extensions so that it doesn't extend the total length allowed for the exceptions. This was based on the feedback we received from customers. They didn't want to encourage longer duration exceptions or multiple extensions, which will increase the duration of exception beyond reasonable time. So we provided the property which will set the limit to number of extensions but at the same time it won't go beyond total allowable duration. But if you think there is a need for duration of extension separate from the default policy exception duration, then please post this as an idea on idea portal and we can evaluate if there are other customers asking for the same and accordingly add it our roadmap. 

 

Thanks,

Anushree

Product Management, Risk BU

ServiceNow

0 Helpfuls