What is the purpose of policy exceptions?

Go to solution
Sanel
Tera Expert

‎07-02-2020 11:50 PM

Can anyone please tell me the purpose of policy exceptions? How are they linked to policy ? And who can create policy exceptions and the roles required to create them? 

If anyone can share any link to the document that would be so helpful.

Thanks

0 Helpfuls
  • 1,750 Views
1 ACCEPTED SOLUTION

Go to solution
Chander Bhusha1
Tera Guru

‎07-03-2020 12:05 AM

HI Sanel,

 

control owners can create policy exception. 

He can define the policy exception from the control objective. Using the related list present on the from or manually can create from the form. The policy will show in the controls as well when the control testing is happening to review the policy exception.

Please find the below links for the policy exception.

https://docs.servicenow.com/bundle/london-governance-risk-compliance/page/product/grc-policy-and-com...

https://docs.servicenow.com/bundle/london-governance-risk-compliance/page/product/grc-policy-and-com...

https://community.servicenow.com/community?id=community_article&sys_id=127dc5d7db9197404837f3231f961...

 

 

Mark helpful and correct if it helps.

Thanks,

CB

View solution in original post

9 REPLIES 9

Go to solution
Chander Bhusha1
Tera Guru
In response to Sanel

‎07-03-2020 05:08 AM

Hi Sanel,

First the button Request Risk Assessment will be appear in the analyze state with the following values should be there for the policy exception. (It there is no records with that policy exception then the record won't appear).

1. In this table (sn_compliance_m2m_policy_exception_control) there should be a control and policy exception mapping should be there for your policy exception.

As shown in the screenshot:

For the above control there should be entry in this below table.

2. There should be a entry created for the risk assign to the  (risk sn_risk_m2m_risk_control) against that control like this: (Atlease one record should be there)

 

If all the above this is present then the button will be appear on the policy exception on the Analyse state and the sn_compliance.manager role uses.

Once click on this button the state moves to Risk assessment like this:

 

 

Mark helpful and correct if it helps.

Thanks,

CB

Go to solution
Ankur Bawiskar
Tera Patron
Tera Patron

‎07-03-2020 12:12 AM

Hi,

I would encourage going through the videos and links below

https://www.youtube.com/watch?v=pLuuye0d01s

https://www.youtube.com/watch?v=m8PtK7jOdLA

https://docs.servicenow.com/bundle/orlando-governance-risk-compliance/page/product/grc-policy-and-co...

https://docs.servicenow.com/bundle/kingston-governance-risk-compliance/page/product/grc-policy-and-c...

Mark Correct if this solves your issue and also mark 👍 Helpful if you find my response worthy based on the impact.
Thanks
Ankur

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

Go to solution
Megha Padale
Giga Guru

‎07-03-2020 12:23 AM

Hi,

Control owners may request a temporary policy exception for controls that are non-compliant. The policy exception request is related to the policy, policy statement, or issue from which it originates. All impacted controls are identified in a related list. After a policy exception is approved, the control owner may ask for an extension using the original policy exception.

Check this

https://community.servicenow.com/community?id=community_article&sys_id=127dc5d7db9197404837f3231f961...

If my answer helped you in any way, mark answer as helpful and correct.

Thanks and regards,

Megha.

Go to solution
teresalaw
ServiceNow Employee
ServiceNow Employee

‎07-05-2020 04:18 PM

This video might also help you see how everything works together 

https://www.youtube.com/watch?v=60meBgMAN-4&list=PLCOmiTb5WX3oHXqIpMY2C0mf6FbfWLTQD&index=12&t=10s

 

0 Helpfuls

Go to solution
Phil Swann
Tera Guru
Tera Guru

‎07-07-2020 11:46 PM

Please note new changes to Policy Exception in GRC V10.1

0 Helpfuls