How to ensure confidentiality in IRM/GRC module?
‎05-22-2023 03:17 AM
Hi all,
We've started using the audit module, and would like to get some tips regarding how we can best set up ServiceNow with the aim of keeping information contained and confidential according to our organizational structure. Please reach out if you've rigged this in a smart and efficient way.
/ Jeanette
‎05-22-2023 05:16 AM
Good advice from both. I wanted to add something that you might already have, and that is obvious to some. But if you have AD integration (sync of groups), you make it much easier to have control with least-privilege access groups. This is especially important to be able to keep least-privilege access based on an updated organization (off- and onboarding of personnel).
With this as your initial setup, you can then focus on the access groups based on organizational needs. If you use many modules and many functions in each, you might need many access groups to reach your goal. And without good name policies, you might end up with something that is hard to administer and to make sure it is secure over time.
‎05-22-2023 05:24 AM
Amir lists the steps on how to do it. My comment is regarding step 1, Role-Based Access Control (RBAC).
You should really invest some thought in how to manage this through AD group membership. In my experience, a 2-tier organizational management need is kind of a pitfall regarding least-privilege design.
‎05-22-2023 05:27 AM
@Kenneth Leiknes Thanks.
I am looking for best practice around interacting with the 1.line via/in the audit module in IRM. We'd like to assign issues from 3.line to 1.line, send observations back and forth and so on. We'd also like to create a workspace for the different organizational divisions in the audit module.
It is important for us to keep the maintenance of the structure simple and effective but to be absolutely sure that information regarding audits follows the hierarchy in the organizational structures. Please reach out if any of the users here are using the audit module and are interacting with the 1.line 🙂 I'd be eager to have a look at how this can be done in a smooth way!
/ Jeanette
We do have AD integration.
‎05-22-2023 05:36 AM
Keep in mind that you don't necessarily need separate Workspaces for each area. With the way Workspaces are structured, you can simply have persona-based views.
Meaning if person A opens the workspace he sees data relevant for him, BUT when person B uses the same workspace, he will see different data.