Compliance case workflow

  • Release version: Zurich
  • Updated March 12, 2026

    The workflow in the Compliance Case Management application is a process that enables you to report and manage cases that need the compliance team's attention.

    The following diagram shows the workflow of the GRC: Compliance Case Management application.
    Figure 1. GRC: Compliance Case Management workflow
    Workflow of a compliance case.
    The different stages of the workflow are described as follows:
    • Report a compliance case
    • Triage the compliance case
    • Investigate and evaluate the compliance case
    • Resolve the compliance case
    • Post case review and closure

    Report a compliance case

    A business user or a compliance team can report a compliance violation in the Employee Center application. The compliance case team can report cases in the Compliance Workspace application. For more information, see Reporting a compliance case in GRC: Compliance Case Management.

    Triage the compliance case

    After a compliance case is reported, the compliance team triages the case from a validity standpoint. The team then assigns a case analyst to work on the case.

    Investigate and evaluate the compliance case

    The compliance case analyst collaborates with multiple teams to investigate, gather evidence, and capture the details and responses about the case. Then, the case analyst creates the case tasks to initiate an investigation and assessment of a reported case and assigns them to a case task owner.

    The case task owner adds the requested details and submits them to the case analyst for review. Based on the investigation and assessment responses, the case analyst performs the following tasks:
    • Add the areas that are impacted by a compliance case. For example, the impacted areas or records can be the entities, controls, locations, or users that are affected by the compliance case. For more information, see Add an impacted area to a compliance case.
    • Add the areas that are related to the compliance case. For example, the related areas include the policies, citations, control objectives, or risk events. For more information, see Add a related area to a compliance case.
    • Add the compliance regulations that might be impacted by the compliance case. For more information, see Add compliance regulations to a compliance case.
    • Add the causes and consequences of this compliance case such as the root cause for the reported compliance case or event and its consequences to the organization. For more information, see Add a cause and consequence to a compliance case.

    Resolve the compliance case

    After all the analysis for the reported case is completed, the case analyst initiates the remediation actions and preventive measures to resolve the case. The case analyst also tracks the reportable regulatory violations to ensure their lodgement to the regulators.

    Post case review and closure

    The case analyst analyzes the causes and consequences of the case. Then, the case analyst conducts a root-cause analysis to remove the cause of the case. The case analyst can review the case to identify and manage the issues that are related to the impacted areas. For more information, see Add an issue for a compliance case. Finally, the compliance analyst works closely with the various teams to review and close the compliance case.