Policy Exception - Mitigating Controls

Guy Hamilton · ‎08-01-2022

Please can someone explain how the 'Mitigating Controls' related list works when creating a policy exception?

suvro · ‎08-01-2022

Hi You can go through this doc

https://docs.servicenow.com/en-US/bundle/sandiego-governance-risk-compliance/page/product/grc-privacy-management/task/create-controls.html

Praful3 · ‎08-02-2022

Manage Policy Exception & Extension :

1. Policy exceptions and extensions provide temporary relief for a non-compliant control.

2. The policy exception captures the rationale, comments, and evidence to support the acceptance or rejection of a policy exception request.

Also, extension to an approved policy exception can be requested before the
policy exception validity period. The control owner, the compliance manager, and the risk
manager may be involved in the policy exception and extension workflow

Sean Walters · ‎08-02-2022

Hi Guy,

I believe in that scenario when you are reviewing if you would like to create a policy exception you would look to consider what the mitigating controls for this particular policy and that could affect your decision of creating an exception.

In short, to provide further visibility to the policy and what controls are currently in place for that policy that could be inherited due to your entity type.

Hope that helps.

Please mark my answer correct and helpful if this resolves your issue.