Easy (and free) ways to import ISO27k as Authority Documents?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-13-2023 05:40 AM
Hi all - first question here so bear with me if I get things wrong....
A client of ours is in the process of setting up and rolling out Policy and Compliance. They want to have ISO27001/2 in their instance so they can map their own control objectives to it. Of course they have purchased the standard from ISO
What would be the smartest way to get the standard into the system? From the ServiceNow docs I get that they can either get it through the Thomson Reuters integration or through the Compliance UCF application - however, as far as I understand, both of them require an additional subscription for their respective products, which our client doesn't have.
Do any of know a smart way to import ISO27k content into ServiceNow other than....
a) getting an intern to copy&paste an import sheet OR
b) trying to convert the epub-file you get from ISO into a usable import format?
Thanks in advance!
Regards
Sebastian
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-16-2023 08:43 AM
Indeed, just create / find an XLS containing ISO27k. Modify the XLS to match the import requirements. (Citations > Right click header > Import > Create Excel Template). Import the file. Done!

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-17-2023 06:50 AM
If your client does not have a subscription to Thomson Reuters or Compliance UCF, they will need to manually import the ISO 27001/2 content into ServiceNow GRC. However, there are ways to make the process more efficient than simple copy-pasting. Here's a suggested approach:
-
Obtain a structured format of the ISO 27001/2 standard: Start by acquiring the ISO 27001/2 standard in a structured format, such as a spreadsheet or CSV file. This will make the import process easier.
-
Prepare the import data: Organize the ISO 27001/2 content into a format that matches the structure of ServiceNow GRC tables. This typically includes Authority Documents, Citations, Control Objectives, and Controls. Make sure you have the correct field names and values to ensure a smooth import process.
-
Use ServiceNow's Data Import functionality: ServiceNow provides a data import feature that allows you to import data from external sources, such as CSV, Excel, or XML files. Use this feature to import the prepared ISO 27001/2 content into the relevant GRC tables.
Here's a step-by-step guide on how to import the data:
a. Navigate to System Import Sets > Load Data in ServiceNow. b. Select the file format (CSV, Excel, or XML) and upload the file containing the ISO 27001/2 content. c. Click "Submit" to create an Import Set. d. Once the Import Set is created, navigate to System Import Sets > Create Transform Map. e. Choose the Import Set you created earlier and the target table (e.g., Authority Document [sn_comp_authority_doc]). f. Map the fields from the source data (ISO 27001/2 content) to the target table fields in ServiceNow. g. Run the Transform and check for any errors or issues during the import process.
Repeat these steps for each GRC table (Authority Documents, Citations, Control Objectives, and Controls) to import the entire ISO 27001/2 standard into ServiceNow GRC.
While this approach still requires manual effort, it is more efficient than simply copy-pasting content. By organizing the ISO 27001/2 data into a structured format and leveraging ServiceNow's data import features, you can streamline the process and minimize errors.
---------------
Regards,
Rajesh Singh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-05-2024 08:48 PM
Dear All,
i am looking for ISO 27001 Mapped Excel if anybody has one for importing the same in GRC Module as I don't have a subscription for UCH or any other
Thanks