

- Post History
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 11-18-2019 04:00 PM
Learn the importance of Profiles (also called Entities) and how to make the best of them. This tool sometimes creates uncertainty with some users. Yet it is essential to master it. And you will master it after you watch this 30 minutes video tutorial.
Whether you are about to implement or already beyond Maturity Level 1, this tutorial will demystify the powerful concept of Profiles/Entities.
Eric Le Martret, Senior Advisory Solution Consultant, GRC Practice, ServiceNow |
-------------------------------------------------------------
Video content:
Introductions
1:02 Refreshers: Maturity journey
1:43 Why are Profiles/Entities so important: game changers
4:30 Two critical improvements
5:40 A new, structured, efficient, centralized approach
8:10 The scoping process
9:18 Profiles/Entities, Risk and Controls, an example
10:40 Example of a financial services company
12:45 In product demonstration
26:24 What you should do right now
29:13 Take-aways and conclusion
The slides are available in PDF version below:
- 4,675 Views


- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Here is the current list of "get started" tutorials for new customers:
For Policy, Compliance and Risk:
- Prepare to implement Policy, Compliance and Risk
- Implement Policy, Compliance and Risk
- Find the right partner for your implementation
- What training is right for you?
- Profiles (Entities) for Governance, Risk and Compliance: why you need them and how to set them up.
- UCF - Why and how.
- Entities (fka Profiles) in a few words: All places, people and things that...
- Controls: Attestations, Indicators and Control Tests.
- IT compliance.
- Become a GRC athlete.
- GRC implementation checklist.
For Vendor Risk Management:
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Is it fair to say that multiple Entity Class are grouped into an Entity Type and this is their relationship?
I assume there are only 3 or 4 Entity Tiers that correspond to the EA stack (1. Bus, 2. App/Info, and 3. Infra).
Would the following be a valid example?
- Control Objective = Limit outsourcing vendor contracts to 18 months
- Entity(s) = Outsourcing vendor 1 contract, outsourcing vendor 2 contract, et.
- Entity Class = Outsourcing contracts
- Entity Tier = 1
- Entity Type = Contracts
Thanks
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Entity classes are tagging mechanism and can be used for reporting purpose.
In your example entity Class = Contracts
Entity type= Outsourcing Contracts


- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
I strongly suggest you also watch this:
Entity Types, Classes and Tiers for GRC: What they are and how to use them (15 minutes).