Risk Response and Object based risk assessments in ARA

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-29-2024 10:31 AM
According to the SN documentation for Vancouver for Advanced Risk Assessments, the risk response workflow is not available for object-based risk assessments. What are the alternatives to document a risk response? For example, if I do an object-based risk assessment of a Policy Exception Request (a non-compliance to a security policy), how would I document how that risk is going to be addressed? (acceptance, elimination, etc.) Seems that has to be custom development to create something.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-29-2024 07:55 PM
Hi @Ariston Colland ,
In the same document from where you got the screenshot, if you read further it says "how to configure any object assessment for an object and create the Assess risk button, see the Perform any object assessment [KB0826429] article in the Now Support Knowledge Base."
This should help you.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-29-2024 09:47 PM
Appreciate the response. The instructions in KB article you reference speak to how to perform the assessment. itself.
My question is around what happens when the assessment is complete. How is it documented how the risk will be addressed? e.g. Risk Acceptance, Risk Elimination, Risk Avoidance, Risk Transfer, etc. Since a Risk Response task is not available for object-based risk assessments, what alternative workflow does ServiceNow suggest for tracking a response to the risk after the assessment is complete?