GRC: SOX content pack release notes

  • Release version: Store
  • Updated June 11, 2026
  • 2 minutes to read
  • Version history for the Governance, Risk, and Compliance Sarbanes-Oxley (SOX) content pack on the ServiceNow Store.

    Important:
    For details on system requirements and family compatibility, view the application listing on the ServiceNow Store website.

    Version history

    Version 22.3.0 - June 2026 (Australia)
    • New:
      • Query range ACLs include the following enhancements:
        • Consistent access control — All tables include standardized query range security ACLs. These ACLs ensure that authenticated users with appropriate read permissions can query records consistently across the platform.
        • Seamless upgrade experience — New query ACL rules are installed automatically during upgrade, with no administrator action required. Automated upgrade scripts handle the transition, including detecting and processing previously customized ACLs to ensure existing processes continue without interruption.
      • Post-upgrade review for customized ACLs:
        • If the instance includes administrator-modified query range ACLs, review those records after upgrade to confirm they align with the intended access policy.
    • Changed: Validated plugin dependencies to prevent ACLs from referencing roles provided by uninstalled optional plugins.
    Version 22.0.1 - March 2026
    Changed: Updated control objective content records with Record nature field as Current version and State as Published.
    Version 21.1.0 - December 2025 (Zurich)
    Fixed: Added read-only attribute to read-only fields for enhanced security
    Version 5.0.2 (Kingson, London) - October 2018
    • The Sarbanes-Oxley (SOX) Content Pack includes the following content elements:
      • Pre-defined profile type and profiles
      • SOX policies
      • Policy statements and controls
      • SOX control attestation template
      • Risk statements and risks
      • Indicator templates and indicators
      • SOX audit engagement
      • Audit tasks
      • Test templates and test plans
      • Reports and dashboards
    • The following relationships are also established:
      • Policy statements to policies
      • Controls to policies (through policy statements)
      • Indicators to controls
      • Risks to risk statements
      • Risks to profiles
      • Risks to controls (mitigating controls)
      • Test plans to controls for control testing
    • Other GRC roles:
      • Compliance Reader (sn_compliance_reader) can read SOX Compliance Dashboard and SOX Processes
      • Compliance Manager (sn_compliance_manager) can read SOX Compliance Dashboard, SOX Risk Dashboard, and edit SOX Processes
      • Compliance Admin (sn_compliance_admin) can read SOX Risk Dashboard and edit SOX Compliance Dashboard and SOX Processes
      • Risk Reader (sn_risk_reader) can read SOX Risk Dashboard and SOX Processes
      • Risk Manager (sn_risk_manager) can read SOX Compliance Dashboard, SOX Risk Dashboard, and edit SOX Processes
      • Risk Admin (sn_risk_admin) can read SOX Compliance Dashboard and edit SOX Risk Dashboard and SOX Processes
      • Audit User (sn_audit_user) can read SOX Compliance Dashboard, SOX Risk Dashboard, and SOX Processes
      • Audit Admin (sn_audit_admin) can read SOX Compliance Dashboard, SOX Risk Dashboard, and edit SOX Audit Dashboard and SOX Processes