What is the purpose of policy exceptions?

Sanel
Tera Expert

Can anyone please tell me the purpose of policy exceptions? How are they linked to policy ? And who can create policy exceptions and the roles required to create them? 

If anyone can share any link to the document that would be so helpful.

Thanks

1 ACCEPTED SOLUTION

Chander Bhusha1
Tera Guru

HI Sanel,

 

control owners can create policy exception. 

He can define the policy exception from the control objective. Using the related list present on the from or manually can create from the form. The policy will show in the controls as well when the control testing is happening to review the policy exception.

Please find the below links for the policy exception.

https://docs.servicenow.com/bundle/london-governance-risk-compliance/page/product/grc-policy-and-com...

https://docs.servicenow.com/bundle/london-governance-risk-compliance/page/product/grc-policy-and-com...

https://community.servicenow.com/community?id=community_article&sys_id=127dc5d7db9197404837f3231f961...

 

 

Mark helpful and correct if it helps.

Thanks,

CB

View solution in original post

9 REPLIES 9

Chander Bhusha1
Tera Guru

HI Sanel,

 

control owners can create policy exception. 

He can define the policy exception from the control objective. Using the related list present on the from or manually can create from the form. The policy will show in the controls as well when the control testing is happening to review the policy exception.

Please find the below links for the policy exception.

https://docs.servicenow.com/bundle/london-governance-risk-compliance/page/product/grc-policy-and-com...

https://docs.servicenow.com/bundle/london-governance-risk-compliance/page/product/grc-policy-and-com...

https://community.servicenow.com/community?id=community_article&sys_id=127dc5d7db9197404837f3231f961...

 

 

Mark helpful and correct if it helps.

Thanks,

CB

I created a policy exception through a issue and I was the owner of the control owner but when I created the policy exception the approver field in it was showing as blank so I cant add an approver to my policy exception , does a specific role is required for me to add the approver

Hi Sanel,

You need sn_compliance.manager role to add the approver to the policy exception.

The approvals will be the members of Approval group which you have selected in the Policy exception.

Just verify that you have added the sn_compliance.manager role to the user with whom you are testing.

 

Thanks,

CB

Thanks mate got it , Could you please tell me how can I put my state in risk assessment or when does it actually go into that state ?