Roles installed

Zurich Governance, Risk, and Compliance

Release

zurich

ft:locale

en-US

ft:publication_title

Zurich Governance, Risk, and Compliance

ft:clusterId

grc

bundleId

grc

workflow

Technology

Roles installed with AI Risk and Compliance

Release version: Zurich

Updated March 12, 2026

2 minutes to read

Summarize

Summarized using AI

Summary of Roles installed with AI Risk and Compliance

The AI Risk and Compliance application in ServiceNow Zurich release installs specific roles designed to facilitate day-to-day operational tasks for managing AI assets across the enterprise. These roles provide varying levels of access and capabilities to support risk and impact assessments, AI system lifecycle management, case handling, and compliance activities.

Show full answer Show less

Key Roles and Their Capabilities

AI Risk and Compliance Admin: Enables full configuration and setup of risk and impact assessment frameworks, automation rules, AI case types, and entity-based access settings. This role can also delete AI systems. Requires the GRC: Entity Based Access application for full functionality.
AI Risk and Compliance Manager: Has broad access to all AI systems, can initiate impact and risk assessments, control attestations, manage AI system lifecycle, and configure bulk access updates. Also dependent on the GRC: Entity Based Access app for some features.
AI Risk and Compliance Analyst: Can perform impact and risk assessments, manage AI system lifecycle, and initiate control attestations only on AI systems assigned to them.
AI Risk and Compliance Business User: Allows creation of AI cases via Employee Center, working on assigned tasks, and performing control attestations.
AI Risk and Compliance Reader: Provides read-only access to AI systems and impact assessments.
AI System Reader: Read access to AI systems within the AI Control Tower and AI Risk and Compliance workspaces.
AI Case Business User: Ability to create AI cases and inquiries through Employee Center.
AI Case Analyst: Reviews assigned AI cases and inquiries, manages impacted compliance areas and related issues.
AI Case Manager: Has access to review all AI cases, inquiries, and associated information.
AI Case Admin: Manages AI case type profiles, sets up assignment rules, and can delete AI cases.

Why This Matters

Assigning these roles appropriately enables organizations to efficiently manage AI risk and compliance processes, ensuring proper governance, oversight, and control of AI systems. Roles are designed to segregate duties, maintain data security, and support compliance workflows, helping ServiceNow customers implement AI governance aligned with enterprise policies.

What Customers Can Expect

Granular control over who can configure, manage, assess, and monitor AI systems and compliance activities.
Integration with GRC Entity Based Access for enhanced security and access control.
Capabilities to create and manage AI cases and inquiries to address AI-related risks and compliance issues.
Defined role sets that align with common operational responsibilities within AI risk management and compliance workflows.

The AI Risk and Compliance installs the essential roles to perform respective day-to-day operational tasks for managing AI assets across the enterprise.

Table 1. Roles and their descriptions
Role title [name]	Description	Contains roles
AI Risk and Compliance Admin [sn_grc_ai_gov.ai_risk_and_compliance_admin]	The AI Risk and Compliance Admin can perform the following tasks: Set up risk and impact assessment frameworks. Configure risk assessment methodologies, risk contribution factors, and impact assessment templates. Define automation rules for impact assessments to determine applicable risks and controls based on the assessment responses. Set up and profile AI case types. Delete AI systems. Enable or disable Entity-Based Access for record types associated with entity properties, and configure the Entity-Based Access settings as needed. Note: GRC: Entity Based Access application must be installed to use this feature.	sn_smart_asmt.template_manager sn_grc_ai_gov.ai_risk_and_compliance_manager sn_smart_asmt.assessment_admin sn_grc_workspace.state_model_admin sn_smart_asmt.template_contributor sn_ai_case_mgmt.ai_case_admin sn_reg_body_mgmt.writer sn_risk_advanced.ara_admin sn_rec_pg_vertical.admin sn_grc_ent_access.admin Note: GRC: Entity Based Access application must be installed for this role to be available.
AI Risk and Compliance Manager [sn_grc_ai_gov.ai_risk_and_compliance_manager]	The AI Risk and Compliance Manager can access all AI systems on the system and perform the following tasks: Initiate impact assessments. Manage the life cycle of an AI system. Initiate risk assessments. Initiate control attestations. Write and update access to the bulk access update configuration. Note: GRC: Entity Based Access application must be installed to use this feature.	sn_grc_ai_gov.ai_risk_and_compliance_analyst sn_smart_asmt.template_contributor sn_smart_asmt.template_manager sn_risk_advanced.risk_asmt_project_manager sn_ai_case_mgmt.ai_case_manager sn_grc_ent_access.bulk_access_config_admin Note: GRC: Entity Based Access application must be installed for this role to be available.
AI Risk and Compliance Analyst [sn_grc_ai_gov.ai_risk_and_compliance_analyst]	The AI Risk and Compliance Analyst can access all AI systems assigned to them in the system and perform the following tasks only on the assigned records: Initiate impact assessments. Manage the life cycle of an AI system. Initiate risk assessments. Initiate control attestations.	sn_ai_case_mgmt.ai_case_analyst sn_smart_asmt.assessment_reader sn_smart_asmt.template_reader sn_grc_ai_gov.ai_risk_and_compliance_business_user sn_grc_ai_gov.ai_risk_and_compliance_reader sn_grc_workspace.user sn_grc_workspace.state_model_reader sn_risk_advanced.ara_creator sn_risk_advanced.ara_assessor sn_risk_advanced.ara_approver sn_risk_advanced.risk_asmt_project_user
AI Risk and Compliance Business User [sn_grc_ai_gov.ai_risk_and_compliance_business_user]	The AI Risk and Compliance User can perform the following tasks: Create AI case on the Employee Center. Work on the assigned tasks. Perform control attestations.	sn_grc_workspace.assessment_template_configuration_reader sn_smart_asmt.actor sn_grc_workspace.user sn_smart_asmt.assessment_reader sn_risk_advanced.risk_asmt_project_reader Note: For more information on AI Control Tower roles, see AI Control Tower roles.
AI Risk and Compliance Reader [sn_grc_ai_gov.ai_risk_and_compliance_reader]	The AI Risk and Compliance Reader can have read access to the AI systems and AI impact assessments.	sn_grc_workspace.user sn_grc_workspace.state_model_reader
AI System Reader [sn_grc_ai_gov.ai_risk_and_compliance_ai_system_reader]	The AI System Reader can have read access to the AI systems on AI Control Tower workspace and AI Risk and Compliance workspace.	NA
AI Case Business User [sn_ai_case_mgmt.ai_case_business_user]	The AI Case Business User can create AI case and AI inquiry on the Employee Center.	sn_grc_case_mgmt.grc_case_business_user
AI Case Analyst [sn_ai_case_mgmt.ai_case_analyst]	The AI Case Analyst can review the AI cases and AI inquiries assigned to them in the system and perform the following tasks only on the assigned records: Identify and manage impacted and related areas such as policies, regulations, and enterprise-wide compliance risks. Identify and manage issues related to impacted areas to eliminate the root causes.	sn_grc_case_mgmt.grc_case_analyst sn_ai_case_mgmt.ai_case_business_user
AI Case Manager [sn_ai_case_mgmt.ai_case_manager]	The AI Case Manager can review all the AI cases, AI inquiries, and its associated information.	sn_ai_case_mgmt.ai_case_analyst sn_grc_case_mgmt.grc_case_manager
AI Case Admin [sn_ai_case_mgmt.ai_case_admin]	The AI Case Admin can manage type profiles to segregate AI cases. They can set up assignment rules and delete AI cases.	sn_grc_case_mgmt.grc_case_admin sn_ai_case_mgmt.ai_case_manager