How do we govern Risk Accepted Problem records in ServiceNow?

RokhiniR
Tera Contributor

Hi All, 

I have got a question for this community. My concerns are around the governance we can build in ServiceNow for Risk accepted problem records. So currently we could set up automation to manually review Risk accepted Problem records within 365 days/any specific duration. But the question is around what happens to those problem records? Let's say a problem record is marked as Risk accepted. It is then being reviewed in 365 days. The problem manager has identified that there are no longer any business/services risks. So what is expected to be done to this problem record? Do we just leave them in the same Risk accepted state? Or do we end up re-opening and moving them to Fix applied state? But wouldn't that not be a logical state for this scenario? (We had actually not done any fix!) Any thoughts or suggestions are much appreciated 🙂

Kieran Anson
Kilo Patron

Hi,

If an accepted risk is no longer a business risk, something has occurred to remove that risk. The "fix" would be that action. That might be that the software is decommissioned, the business no longer works against that compliance requirement, etc. The "fix" doesn't need to be a technical one.

@Kieran Anson thank you for your response. But then what if there was no fix delivered? The problems were reviewed at periodic intervals and service management didn't really notice any recent incidents triggered and no major alerts identified via monitoring tools as well. I don't think it's right to leave them in risk accepted state and not logical to move them to fix applied. Also we can't really change states unless we re-open problem records in ServiceNow. So I was wondering how other organizations are doing in this scenario?

But then what if there was no fix delivered. - Do you have an example? As I might be able to then better explain the difference in opinion here.

 

Also we cant really change states unless we re-open problem records in servicenow - Do you have apprehension of re-opening a problem? It's a supported feature within the problem lifecycle. 

@Kieran Anson As a service management unit, we want to be in a better position to identify risk accepted problem records that have been reviewed and confirmed that there are no longer risks in place. But it's so hard to find that. We do have a known error related to it, and even if we retire the known error, the parent problem record still stays in Risk accepted captured in Resolution code. There are various ways where we as a business can say that there are no risks in place anymore. One would be the trigger of new incidents. Let's say we mark a problem record as risk accepted in Jan 2024 and when we review it 6/12 months later, we notice that there were NO incidents triggered at all, alerts all show okay, we want to move that problem record away from risk accepted. How can we do that?


On the second point, reopening a problem record just to move it from risk accepted to a different state can cause a major hit to SLAs, and I thought this is not a best practice of ITIL.