- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-13-2022 05:22 PM
Hi community,
I am a bit perplexed with respect to how the Policy Exception record/app works in ServiceNow.
My GRC knowledge tells me that when a Policy Exception (PER) is requested against a Policy, a Risk Assessment would need to be conducted, but that Risk Assessment would need to be tied to an Entity. Is that the logic in how PER works?
PS: I see the 'Risk' tab, but there is nothing on the tab which eludes to a Risk Manager doing any sort of Risk Assessment. There is the 'Risk Assessment' tab but the docs.servicenow.com page describes a 'Business Impact Analysis' tab (which I think they did not update to state 'Risk Assessment') - and includes some details that I do not see in my Toyko version of Policy Assessment.
PSS: This is without activating the Advanced Risk Assessment plugin.
Thanks in advance for your help.
NN
Solved! Go to Solution.
- Labels:
-
Policy and Compliance Management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-15-2022 10:37 AM
So I figured this out... you need to activate the Compliance Manager workspace and then ensure that the Risk Assessment Methodology is setup to allow Risk Assessments on 'Object' pointing to the 'sn_compliance_policy_exception' table (alongside all the different assessments you want done - control effectiveness, inherent risk, residual risk).
You do see the 'Risk Assessment' > 'New' button on the Platform UI but when you click on it, it does nothing or rather loads up a screen that is non-functional. On the Compliance Manager Workspace, the experience is different.
The docs.servicenow.com website makes no mention of this specifically.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-18-2022 10:50 AM
@Wence anytime. You should see it under the 'details' tab under the 'Risk Assessment' section. Also, check and see if you have an update to ARA via plugins. Hit me back up when you do the aforementioned.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-18-2022 06:08 PM
Woo hoo!! Now I do see it under the 'details' tab. Thanks so much!! @Noelinho1
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-22-2022 11:04 AM
@Wence nice! - the thing that I did not see on the docs website is the fact that you cannot do an ARA using the Platform UI (unless it was hidden somewhere). So in essence, if a Compliance Manager wants the Risk Team to do an Advanced Risk Assessment for a PER, they would need to initiate that via the Compliance Workspace.