

- Post History
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 06-18-2020 04:34 PM
New GRC users have a lot to learn to make the best of the GRC product for their own particular use cases.
"After playing in GRC for a couple weeks and going through the various training materials, I have a few questions."
We recommend to select and hire an implementation partner, to take the recommended training, to view the free tutorials available on the community but there are always questions that linger, clarifications that are needed to really feel comfortable with the various features of the product.
With the help of GRC community experts, we take a look at some of these questions.
Video contents:
00:01 Introductions
01:16 Is it normal/acceptable to NOT have Controls assigned to every entity in an entity type? Tip: Control Owners can remove Controls attributed to them because of an Entity Type. Not typical.
04:18 Is it normal/acceptable to have a lot of Entity Types? Tip: Start simple, "crawl, walk, run ".
05:50 It doesn’t look like any authority documents/citations were loaded with the SOX Content pack.
06:47 Entity Filters - I’m having trouble understanding their purpose, and what is the impact if the filters aren’t created? Tips: Use Entity Filters to create new Entities (beyond those that are provided). It is possible to have more than one Entity Filter.
09:42 Entity Classes - Are these just an additional reporting/filtering aid or do they play any additional roles? Workbench is a very powerful tool that leverages Entity Classes. Entity Classes are first used for reporting. Entity Classes are also used to build a representation of the aggregation journey. Link Entity Classes so they roll up through the organization (using workbench).
14:09 Have you seen any other companies start with their risk framework in determining their use cases/phases and/or what pitfalls do you see with this approach? Tip: Build your data and system so they can be used for future use cases. Tip: Undertake a GRC readiness Assessment (check the tutorial on the forum).
20:27 There was an error message at the top of the Authority Documents screen “Invalid policy or risk framework”. Is this an error you’re familiar with?
21:32 Conclusion
Many thanks to Eric Le Martret, Raphaël Cardoso and Jagan Rao.
- 2,002 Views

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Thanks a lot Eric for the invite! If you have any issue or doubt regarding the topics, please give us a shout
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Many thanks
Maros


- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hello Maros,
to answer your question appropriately we need to know a little more about your implementation:
1- What version of the software are you using?
2- Has it been heavily customized or mostly out of the box?
Let's please start with this.
Thank you,
EF
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hello Eric,
1. We are currently on New York
2. with regards to GRC, we are very much out of box
Cheers
Maros
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
"We recommend to select and hire an implementation partner, to take the recommended training...." My Company has refused to do this. Are we just wasting our time trying to learn it all on our own? Spreadsheets just seem so much more doable.


- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hello
The opportunity cost of not having a solid implementation partner exceeds the cost of the partner (or ServiceNow's professional services).
Having said that, there are examples of customers that successfully implemented on their own.
We dont really have a roadmap for these scenarios because they are quite rare.
It sounds like you are headed own that route. There are lots of resources available to you. The free tutorials here are designed to help and this community will be your daily companion...
It is however essential that you take and your teams follow the training classes.
Let us know how you progress.
E
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Thank you for the response.

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hi Maros,
The entity tiers are used for creating entity hierarchy. Based on the tiers and the entity classes associated with those tiers, you would be able to relate upstream and downstream entities. For e.g., if you have 3 tiers and associated entity classes as follow:
'Business Services' Entity Class --> Associated with 'Business' Tier (Tier level - 10)
'Business Applications' and 'Business Processes' Entity Classes --> Associated with 'Applications' Tier (Tier level - 20) And
'Computers' and 'Software Assets' Entity Classes --> Associated with 'IT assets' Tier (Tier level - 30)
Based on the tier level, the classes can be related to each other in a hierarchy. So in above case, the hierarchy will look like this:
Level 1 - Business Services
Level 2 - Business Applications, Business Processes
Level 3 - Computers, Software Assets
So when you are building the entity hierarchy, you can only see upstream and downstream entities to associate with based on the defined tiers and related classes.
Let me know if this is not clear, or if you have more questions.
Also you made a great point about having a condition builder for creating a class.We haven't heard of this request from any other customer as yet, but I will make a note of it for future consideration.
Thanks,
Anushree Randad
Principal Product Manager - GRC
ServiceNow


- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
More information on this here: https://community.servicenow.com/community?id=community_question&sys_id=70c35785db6e3f04a39a0b55ca96...