Associating Policy to Control Objective

Jason yeon
Tera Contributor

Hello,

when you are associating Policy to a Control Objective, It seems like you can only associate policy if the state is in Draft or Review. Does anyone have any reasoning behind that logic? 

 

Thank you.

 

Jasonyeon_0-1665009244059.png

Jasonyeon_1-1665009294464.png

 

 

5 REPLIES 5

Rajesh_Singh
Kilo Sage
Kilo Sage

@Jason yeon 

 

The logic behind allowing Policy association only when the Control Objective is in Draft or Review state is to maintain data integrity and ensure that only reviewed and approved information is linked to Control Objectives.

 

Here's a table that illustrates the different states of a Control Objective and the policy association possibilities:

Control Objective State Policy Association Explanation
Draft Allowed In Draft state, you can create, modify, or associate policies with Control Objectives as they are being defined.
Review Allowed During the Review state, stakeholders can still review and suggest changes, including policy association or modification.
Published Not Allowed* Once the Control Objective is Published, it is considered final, and policy association or modifications should not be made to maintain data integrity.

*If you need to make changes to a Published Control Objective, you should first revert it to Draft or Review state, make the necessary changes, and then move it through the review and approval process again.

I hope this table helps you understand the different states and policy association possibilities for Control Objectives in ServiceNow GRC.

If you found my response helpful or applicable, please consider marking it as correct or helpful to assist others who may be seeking the same information.

---------------
Regards,
Rajesh Singh