Associating Policy to Control Objective
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-05-2022 03:35 PM
Hello,
when you are associating Policy to a Control Objective, It seems like you can only associate policy if the state is in Draft or Review. Does anyone have any reasoning behind that logic?
Thank you.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-17-2023 06:57 AM
The logic behind allowing Policy association only when the Control Objective is in Draft or Review state is to maintain data integrity and ensure that only reviewed and approved information is linked to Control Objectives.
Here's a table that illustrates the different states of a Control Objective and the policy association possibilities:
Control Objective State | Policy Association | Explanation |
---|---|---|
Draft | Allowed | In Draft state, you can create, modify, or associate policies with Control Objectives as they are being defined. |
Review | Allowed | During the Review state, stakeholders can still review and suggest changes, including policy association or modification. |
Published | Not Allowed* | Once the Control Objective is Published, it is considered final, and policy association or modifications should not be made to maintain data integrity. |
*If you need to make changes to a Published Control Objective, you should first revert it to Draft or Review state, make the necessary changes, and then move it through the review and approval process again.
I hope this table helps you understand the different states and policy association possibilities for Control Objectives in ServiceNow GRC.
---------------
Regards,
Rajesh Singh