The Zurich release has arrived! Interested in new features and functionalities? Click here for more

What is the process behind for generating controls in GRC ServiceNow

KoteswaraMa
Tera Contributor

3 weeks ago

Hi Team,

 

When I add an entity manually to an entity type which is associated with control objective, generates a control for that entity.

Please help me to understand the underlying process. How the control is generated and with the control owner as an entity owner.

 

Thanks,

Majji

0 Helpfuls
  • 684 Views
4 REPLIES 4

Najmuddin Mohd
Mega Sage

3 weeks ago

Hello @KoteswaraMa 

NajmuddinMohd_0-1756833725003.png


Level1:
Control Objective is the Template that defines what should be adhered to.
Entity Type is the reference to the list of records with or without a defined filter of ServiceNow. Every record of it is called Entity. 

Ex: Entity Type is Windows Servers, with Entity Owner defined here.
All the windows servers becomes Entities.

Level2:
When the Entity Type and Control Objective are connected, Every Entity generated through the Entity Type gets a control attached to it with Entity Owner as the Control Owner, also Risk Owner if a Risk Statement would be have attached to the Entity Type.


If the above information helps you, Kindly mark it as Helpful and Accept the solution.
Regards,
Najmuddin

0 Helpfuls

KoteswaraMa
Tera Contributor
In response to Najmuddin Mohd

3 weeks ago

Hi @Najmuddin Mohd 

 

Thanks for your response. I understood the steps/flow how the control can be created. However, I am looking for the back end mechanism responsible for controls creation and assignment of the entity owner as control owner. I would appreciate if you can provide the backend process.

 

Thanks,

Majji

0 Helpfuls

Shashank_Jain
Kilo Sage

3 weeks ago

@KoteswaraMa ,

 

backend process for control generation in ServiceNow GRC:

 

 How Controls Are Generated

  • When you link an Entity Type to a Control Objective, ServiceNow’s Item Generation engine (a.k.a. Control Synthesis) creates a Control record for each matching entity.

  • The new control is stored in sn_grc_control.

 How Control Owner is Assigned

  • By default, the Entity Owner (owned_by field on the entity) is copied into the Control Owner (owned_by on the control).

  • This happens because the “Sync with Entity Owner” option is enabled by default.

  • If unchecked, you can assign a different owner manually.

Mechanism Behind the Scenes

  • Driven by backend scripts/flows (e.g., item generation engine, script includes, BRs).

  • Works automatically and often runs asynchronously.

  • No need to manually create controls—relationships drive the creation.

In short:
Entity + Control Objective → Control auto-generated.
Entity Owner → becomes Control Owner (via sync).

 

 

If this works, please mark it as helpful/accepted — it keeps me motivated and helps others find solutions.
Shashank Jain
0 Helpfuls

KoteswaraMa
Tera Contributor
In response to Shashank_Jain

3 weeks ago

Hi @Shashank_Jain 

 

Thank you for providing the details. Can you please share which script exactly creating control and updating the control owner when an entity is add manually to an entity type which is associated with control objective?

 

Thanks,

Majji

0 Helpfuls