Easy (and free) ways to import ISO27k as Authority Documents?

Sebastian Casac
Tera Contributor

Hi all - first question here so bear with me if I get things wrong....

 

A client of ours is in the process of setting up and rolling out Policy and Compliance. They want to have ISO27001/2 in their instance so they can map their own control objectives to it. Of course they have purchased the standard from ISO

 

What would be the smartest way to get the standard into the system? From the ServiceNow docs I get that they can either get it through the Thomson Reuters integration or through the Compliance UCF application - however, as far as I understand, both of them require an additional subscription for their respective products, which our client doesn't have.

 

Do any of know a smart way to import ISO27k content into ServiceNow other than....

a) getting an intern to copy&paste an import sheet OR

b) trying to convert the epub-file you get from ISO into a usable import format?

 

Thanks in advance!

 

Regards

Sebastian

7 REPLIES 7

Michael Oosten1
Tera Expert

Indeed, just create / find an XLS containing ISO27k. Modify the XLS to match the import requirements. (Citations > Right click header > Import > Create Excel Template). Import the file. Done!

Rajesh_Singh
Kilo Sage
Kilo Sage

@Sebastian Casac 

 

If your client does not have a subscription to Thomson Reuters or Compliance UCF, they will need to manually import the ISO 27001/2 content into ServiceNow GRC. However, there are ways to make the process more efficient than simple copy-pasting. Here's a suggested approach:

  1. Obtain a structured format of the ISO 27001/2 standard: Start by acquiring the ISO 27001/2 standard in a structured format, such as a spreadsheet or CSV file. This will make the import process easier.

  2. Prepare the import data: Organize the ISO 27001/2 content into a format that matches the structure of ServiceNow GRC tables. This typically includes Authority Documents, Citations, Control Objectives, and Controls. Make sure you have the correct field names and values to ensure a smooth import process.

  3. Use ServiceNow's Data Import functionality: ServiceNow provides a data import feature that allows you to import data from external sources, such as CSV, Excel, or XML files. Use this feature to import the prepared ISO 27001/2 content into the relevant GRC tables.

Here's a step-by-step guide on how to import the data:

a. Navigate to System Import Sets > Load Data in ServiceNow. b. Select the file format (CSV, Excel, or XML) and upload the file containing the ISO 27001/2 content. c. Click "Submit" to create an Import Set. d. Once the Import Set is created, navigate to System Import Sets > Create Transform Map. e. Choose the Import Set you created earlier and the target table (e.g., Authority Document [sn_comp_authority_doc]). f. Map the fields from the source data (ISO 27001/2 content) to the target table fields in ServiceNow. g. Run the Transform and check for any errors or issues during the import process.

Repeat these steps for each GRC table (Authority Documents, Citations, Control Objectives, and Controls) to import the entire ISO 27001/2 standard into ServiceNow GRC.

While this approach still requires manual effort, it is more efficient than simply copy-pasting content. By organizing the ISO 27001/2 data into a structured format and leveraging ServiceNow's data import features, you can streamline the process and minimize errors.

If you found my response helpful or applicable, please consider marking it as correct or helpful to assist others who may be seeking the same information.

---------------
Regards,
Rajesh Singh

Dear All,

i am looking for ISO 27001 Mapped Excel if anybody has one for importing the same in GRC Module as I don't have a subscription for UCH or any other 

 

Thanks