Download Advanced Risk

Australia Governance, Risk, and Compliance
Release
australia
ft:locale
en-US
ft:publication_title
Australia Governance, Risk, and Compliance
ft:clusterId
grc
bundleId
grc
workflow
Technology
  • Governance, Risk, and Compliance
  • GRC and the ServiceNow Store
  • Download a GRC application from the ServiceNow Store for the first time
  • Get entitlement for a GRC product or application
  • Activate an entitled GRC ServiceNow Store application
  • Install GRC content packs and integrations
  • Update a GRC application
  • Upgrade your instance to the next GRC family release
  • AI Risk and Compliance
  • Explore
  • AI assets
  • AI systems
  • AI models
  • Datasets
  • 360° AI asset view
  • Entity Based Access for AI assets
  • AI Risk and Compliance workspace
  • Risk & compliance tab
  • Operations tab
  • AI cases tab
  • AI risk heatmap workbench
  • Tasks page
  • Risk assessment project
  • Risk assessment project workflow
  • AI Risk and Compliance Content accelerator
  • Automatic AI case and inquiry creation from email
  • AI governance life cycle
  • Intake requests
  • AI cases and inquiries
  • Assessment templates
  • Risk assessment methodologies
  • Offboarding AI assets review
  • Configure
  • Install application
  • Content pack
  • Install content
  • Activate or update EU Artificial Intelligence Act
  • Activate or update NIST Risk Management Framework
  • Configure workspace
  • Set up properties
  • Advanced Risk assessment properties
  • Configure email intake
  • Use
  • Request an AI use case
  • Request an AI use case form
  • Request an AI model
  • Request an AI model form
  • Request a dataset
  • Request a dataset form
  • Raise an AI inquiry
  • Raise an AI inquiry form
  • Report an AI case
  • Report an AI case form
  • Report an AI case anonymously
  • Report an AI case form
  • Follow up on an anonymous report
  • Create an AI issue
  • Create New AI Issue form
  • Remediate an issue
  • Initiate AI assessment on an AI asset
  • Perform impact assessment on an AI use case
  • Initiate risk assessment
  • Perform risk assessments
  • Manage controls
  • Add controls
  • Remove controls
  • Delete controls
  • Create control attestations for an AI asset
  • Request risk assessments
  • Create risk assessment project
  • Perform bulk assessment in stacked view
  • Perform bulk assessment in grid view
  • Create an AI case
  • Create New AI case form
  • Reference
  • Roles installed
  • Tables installed
  • Advanced Risk properties
  • Assessment templates
  • Risk assessment methodologies
  • AI governance email notifications
  • Audit Management
  • Exploring Audit Management
  • Configure
  • Activate Audit Plugin
  • Audit Setup Checklist
  • GRC Audit Test Suite
  • Advanced Audit App Setup Checklist
  • Audit Management Overview
  • Audit Report Templates
  • Audit Test Template and Plans
  • Audit Test Template Creation
  • Link Test Template to Control Objectives
  • Audit Test Plan Creation
  • Multiple Test Plan Creation
  • Manage engagements
  • Audit task management
  • Create Audit Engagement
  • Audit Report Generation
  • Copy Audit Engagement
  • Control Test Creation
  • Auto Control Test Creation
  • Audit Task Activity Creation
  • Audit Interview Task
  • Audit Walkthrough Task
  • Audit KB Article Creation
  • Engagement Approval Actions
  • Add Engagement Entities
  • Use the Audit Engagement
  • Workbench Engagement Setup
  • Cloud Document Management
  • Prerequisites to Manage your Documents using Microsoft
  • Cloud File Access Setup
  • Cloud File Configuration
  • Cloud File Form Setup
  • File Access Permissions
  • File Access Form Setup
  • File Access Configuration
  • Cloud File Upload
  • Link Cloud File
  • Link a reference cloud
  • Mark a cloud file
  • Mark a cloud file as shareable
  • Remove a linked cloud
  • Risk Monitoring & Indicators
  • Audit Engagement Overview
  • Create a GRC indicator
  • Create GRC indicator template
  • Confidentiality flag for Audit
  • Audit Issues & Remediation
  • Manually create issues
  • Issue form
  • Audit Evidence Request
  • Evidence request workflow
  • Request evidence for audit
  • Provide requested evidence
  • Approve evidence before evidence
  • Accept, reject, or cancel
  • Audit Plan Overview
  • Create an audit plan
  • Approve a plan
  • Engagement with advanced planning
  • Add auditors for an engagement
  • Create an auditable unit
  • Audit Types Overview
  • Audit Milestone Management
  • Create an engagement milestone
  • Create a milestone from
  • Audit observations
  • Audit Expense Rollup
  • Integrating Audit Management with Time Card
  • Audit Workspace Overview
  • Audit Supervisor Workspace
  • Create a test template
  • Create a test plan
  • Create a plan
  • Create an audit engagement
  • Manage an engagement from
  • Create an auditable unit
  • Create a milestone for an engagement
  • Audit Task Management
  • Create a control test
  • Create an activity
  • Create an interview
  • Create a walkthrough
  • Add entities to an engagement scope
  • Create an issue
  • Request evidence during audits
  • Request evidence using Audit
  • Audit observations in Audit
  • Create an observation
  • Audit Workspace Limited
  • Create the Tests step
  • Create test step plans
  • Create test step templates in the test templates
  • Approve or reject an engagement in Audit Workspace
  • Generate an audit report for an engagement using Microsoft Word template
  • Create a Microsoft Word template record for an audit report
  • Word template form
  • Word template category form
  • Generate a report for an engagement in a classic report template
  • Audit Workspace for the Auditor
  • Update an assigned control test in Audit Workspace
  • Update other assigned audit tasks in Audit Workspace
  • Create an observation for an audit task
  • Matrix report in Audit Workspace
  • Configure matrix report registry to set up base table for audit matrix report
  • Matrix relationship form
  • Configure target table fields as columns for matrix report
  • Matrix column configuration form
  • Create matrix report configuration for Audit Workspace
  • Matrix report configuration form
  • View matrix report in landing page and record page of Audit Workspace
  • Audit Management reference
  • Components installed with Audit Management
  • Roles required for Engagement project planning for Project Portfolio Management
  • Roles required for Advanced planning capability
  • Domain separation and Audit Management
  • Analytics and Reporting Solutions for Audit Management
  • Audit Engagement Overview Performance Analytics dashboard
  • Audit Manager Performance Analytics dashboard
  • Business Continuity Management
  • Explore
  • BCM Configurable Workspace
  • Home page view
  • My tasks page view
  • List view
  • Crisis map view
  • Business impact analysis
  • Use cases for BIA
  • Business impact analysis
  • Grid configurations and categories
  • Business continuity planning
  • Assets and plans
  • Recovery teams, loss scenarios
  • Use cases for business continuity planning
  • Element definitions and variables
  • Exercises
  • Crisis events
  • Crisis map interface
  • Emergency notifications in Everbridge
  • Configure
  • BCM and ServiceNow Store
  • Get entitlement for the BCM application
  • Install BCM from ServiceNow Store
  • BCM lite operators
  • General administration setup for BCM
  • Dependency Configuration records
  • Configuring impact analysis dependency updates
  • Set up Impact analysis dependency update configuration
  • Impact analysis dependency update configuration form
  • Configuring planning dependency updates
  • Set up Planning dependency update configuration
  • Planning dependency update configuration form
  • Configuring sources for adding event dependencies
  • Configure Event dependency source configuration record
  • Event dependency source configuration form
  • Configure impact category for BIA
  • Impact Category record form
  • Configuring the documentation section
  • Configure documentation section
  • Documentation Section record form
  • Configure element definition
  • Element definition record form
  • Configure element variables for element definitions
  • Element variable record form
  • Configure loss scenarios in the plan
  • Loss Scenario record form
  • Configure impact ratings
  • Impact Rating record form
  • Configure recovery tiers for BIA
  • Recovery Tier record form
  • Set up recovery timeframes
  • Configure grid categories
  • Grid category record form
  • Configure grid for BIA assessment
  • Grid configuration record form
  • My tasks page configurations
  • Approval configuration
  • Set up approval configuration
  • Set up approval levels
  • Set up approval rules
  • BCM properties
  • Properties installed with BCM
  • Setup for a BIA
  • Configure BIA templates
  • BIA template form
  • Create Smart Assessment templates for BIA
  • Configure RTO and RPO Smart Assessment templates workflow
  • Configure BIA templates with SAE
  • BIA template record
  • Setup for a BCP
  • Configuring plan template
  • Configure the BCP template
  • Plan Template form
  • Set up the phases
  • Phase form
  • Generating reports using Document designer
  • Install Document designer with Microsoft Word
  • Set up the template configurations
  • Configuring the data relationships
  • Set up the content configurations
  • Define the scripted variables
  • Manage Microsoft Word document templates
  • Microsoft Word template form
  • Install the Document designer add-in
  • Save Microsoft Word document as template
  • Generate reports for the BIAs, BCPs, and events
  • Format PDF templates for BIAs, BCPs, and Events
  • Configure 360° relationship registries and views
  • Setup for Everbridge notifications
  • Create connections and authenticate credentials
  • Create Connection and Credentials form
  • Import the delivery channels
  • Import the record types
  • Create templates for emergency notifications
  • Notification Template form
  • Create contacts for emergency notifications
  • Contact form
  • Create the contact import rules
  • Contact Import Rules form
  • Create notification contact groups
  • Notification Contact Group form
  • Setup for Crisis map
  • Customization properties
  • Customization properties table
  • Google Maps APIs
  • Configure Scheduled Imports
  • Scheduled Data Imports form
  • Configure Resource Configuration records
  • Resource Configuration form
  • Configure alert rules
  • Alert Rules form
  • Configure alert actions
  • Alert Action form
  • Setup by system administrators
  • Update number of records for reference fields
  • Update count of element definitions
  • Application menu options
  • Setup for the UI Builder
  • BCM implementation
  • BCM in the Classic Workspace
  • Element definitions in Classic Workspace
  • Impact rating in Classic Workspace
  • Recovery tier in Classic Workspace
  • Grid configuration
  • Set up element variable
  • Set up grid configuration
  • Set up recovery timeframe
  • Configure a documentation section
  • Configure a plan for a loss scenario
  • Configure a BIA template
  • Configure a BCP template
  • Configure an impact category
  • Manage
  • Structured workflows for BIAs
  • Impact categories and ratings
  • RTO, RPO, and recovery tiers
  • Calculating RTO and RPO
  • BIA states and UI actions
  • Configuring dictionary, UI policy, and element variables
  • Using latest assessment for conducting BIAs
  • Create a business impact analysis
  • Create New Impact analysis form
  • Scheduling an auto-update of dependencies
  • Update the BIA dependencies
  • Assess impact categories and dependencies
  • Approve the business impact analysis
  • Update dependencies of BIAs in Self-Service
  • Visualize 360° relationships for BIAs
  • Generate BIA reports in PDF or Microsoft Word
  • Structured workflows for BCPs
  • States and UI actions for a BCP
  • Create a business continuity plan
  • Create New Plan form
  • Scheduling auto-update of related assets
  • Update the planning dependencies
  • Add asset and scope to the BCP
  • Create documentation sections
  • Add associated plans and recovery teams
  • Associating related plans to a recovery task
  • Add loss scenarios
  • Add recovery strategies for dependencies
  • Create New Recovery strategy form
  • Mapping recovery tasks to phases
  • Add recovery tasks
  • Create New Recovery task form
  • Automate recovery tasks
  • Create a subflow form
  • Submit the BCP for approval
  • Visualize 360° relationships for the BCP
  • Generate BCP reports in PDF or Microsoft Word
  • Structured workflows for Exercises
  • States for an exercise and crisis event
  • Event assets
  • Mapping event tasks to phases
  • Using nested plans
  • Adding dependencies of impacted assets
  • Enhancing event task management with Hierarchical view
  • Create an exercise
  • Create Exercise Event form
  • Update the event dependencies
  • Track impacted assets and add associated plans
  • Creating action items in events
  • Create task and assessment-type action items in events
  • Create New Action item form for events
  • Creating similar tasks groups
  • Create a similar tasks group
  • State changes for event tasks in groups
  • Import plans and recovery tasks
  • Monitor event tasks and create ad-hoc tasks
  • Create New Event Task form
  • Start an event
  • Request an approval and approve the event
  • View recovery tasks from Self-Service
  • View 360° relationships for exercises and crises
  • Generate reports in PDF or Microsoft Word
  • Structured workflows for Crisis events
  • Start a crisis event
  • Create Crisis Event form
  • Using nested plans
  • Track impacted assets and add related plans
  • Add a task to the crisis event
  • Import automated tasks and start an event
  • Creating action items in crisis events
  • Create task and assessment-type action items
  • Create New Action item form for crisis events
  • Create a similar tasks group in a crisis
  • Request an approval and approve the crisis
  • Structured workflows for Crisis map
  • Enhanced performance with UIB pages
  • Manage alerts from the map interface
  • Set controls to customize the alerts
  • Select resource layer clustering
  • Monitor assets within the impacted areas
  • Initiate the response actions
  • Managing plans with BCM mobile application
  • Set up the BCM mobile application
  • Log in to the BCM mobile application
  • Monitor the plan list and generate the PDF
  • Using BCM Classic Workspace
  • Customizing BCM classic Workspace
  • Migrating reports and custom changes
  • Structured workflows for BIA
  • Create a business impact analysis
  • Assess impact categories and dependencies of process
  • review-impact-category-bia
  • Assess RPO impact of technology assets
  • Identify critical dependencies
  • Add dependencies based on CI relationships
  • View business impact analysis details
  • View approval state flows for BIA
  • Update dependency details of a BIA in Self Service
  • Structured workflows for Business Continuity Planning
  • Create a business continuity plan
  • View plan details
  • Plan overview scorecards
  • Add an asset to the scope of BCP
  • Add related assets and related plans
  • Manage plan documentation sections
  • Assign roles to recovery teams
  • Identify loss scenarios
  • Establish recovery strategies
  • Group recovery tasks
  • View details of a business continuity plan
  • View approval state flows for BCP
  • Structured workflows for Exercise and Crisis Management
  • Start an exercise event
  • Start a crisis event
  • Review and start an exercise event
  • Manage a crisis event
  • Monitor event task completion
  • Add assets and plans to an event
  • Data flow, planning, and execution in an event
  • View recovery tasks from Self-service
  • Crisis Management map
  • Setting up the crisis map
  • Configure search for places in crisis map
  • Configure scheduled data imports for crisis map
  • Configure a resource for crisis map
  • Configure alert rules to display alerts in crisis map
  • Configure an alert action
  • View and manage alerts in the crisis map
  • Set controls to customize alerts
  • View resource layer clustering
  • View assets at risk within the impacted area
  • Notify stakeholders and initiate response workflows
  • Integrating Crisis Management with Everbridge
  • Setup steps for emergency notification
  • Create connection and authenticate credential
  • Import delivery channels from Everbridge
  • Import delivery channels from Everbridge
  • Define a template for emergency notification
  • Create contacts for emergency notifications
  • Create contact import rules
  • Create a notification contact group
  • Create an emergency notification and monitor its workflow
  • Create an emergency notification
  • Integrate
  • Workflow status of emergency notifications
  • Create emergency notifications
  • Create New Notification form
  • Reference
  • Components installed with Business Continuity Management
  • Data Relationships Framework
  • Create a main node configuration record
  • Main node configuration new record form
  • Create a relationship registry record
  • Relationship registry new record form
  • Configure the properties
  • Data Relationships Framework properties form
  • GRC record page template for BCM records
  • Stepper component in the Overview tab of the records
  • Compliance Case Management
  • Explore
  • Compliance case workflow
  • Compliance request workflow
  • Landing page
  • Using
  • Smart assessments in Compliance Case Management
  • 360 degree relationship visualization
  • Configure
  • Download application
  • Install application
  • Create a case type
  • Case Type form
  • Create view rule
  • View Rule form
  • Create assignment rule
  • Assignment Rule Form
  • Create Request type
  • Request Type form
  • Create compliance state model
  • GRC State Model form
  • Create workflow state
  • Workflow State form
  • Define model state transitions
  • Model state transition condition form
  • Create assessment template
  • Assessment Metric Type form
  • Use
  • Report compliance case
  • Employee Center
  • Report compliance case form
  • Create compliance case
  • Compliance case form
  • Report a compliance case anonymously
  • Anonymous compliance case form fields
  • Raise compliance request
  • Employee Center
  • Raise a Compliance Request form
  • Compliance workspace
  • Compliance request form
  • Compliance case task workflow
  • Create action task
  • Case task form
  • Work on action task
  • Reassign Action Task
  • Review and close action task
  • Add impacted area
  • Add related area
  • Add cause and consequence
  • Cause and Consequence form
  • Add compliance regulations
  • Add issue
  • Create an Issue form
  • Export report to PDF
  • Compose email
  • Configure due dates
  • Smart assessments
  • Reference
  • Installed Tables
  • Installed Roles
  • Continuous Authorization and Monitoring
  • Exploring CAM
  • Configuring CAM
  • Checklist for Continuous Authorization and Monitoring setup
  • Assign Continuous Authorization and Monitoring roles to users and groups
  • Using CAM
  • RMF step 0 - Prepare the authorization package
  • Define the authorization boundary
  • Create an authorization package
  • RMF step 1 - Categorize the authorization package
  • RMF step 2 - Select controls for an authorization package
  • Set up baseline controls
  • Inherit from a common control
  • Inherit from multiple providers
  • RMF step 3 - Implement controls
  • View controls in grid view
  • RMF steps 4, 5, and 6 - Assess, authorize, and monitor
  • CAM workflow configuration
  • Enable CAM workflow configuration
  • Run migration scheduled job
  • GRC state model configuration
  • Create GRC workflow states
  • Configure transition between state models
  • Create GRC model state transition conditions
  • Add existing attributes to a GRC workflow state
  • Create a new state model attributes
  • Workflow configuration
  • Add version to workflow
  • Add impact to version
  • Add view rules to workflow
  • Implementing controls and assessment objectives in CAM
  • Generate assessment procedure plans for a test plan
  • Determine control effectiveness of a control test
  • Define control requirements
  • Modify control requirement
  • Control requirement generation and upgrade steps
  • View control tests in grid view
  • Request control tailoring
  • Create a control tailoring request
  • Approve or reject a control tailoring request
  • Continuous authorization and monitoring tasks in the CAM Workspace
  • Monitoring and managing security from the CAM Workspace Home page
  • Monitor and manage your NIST security posture
  • Monitor and manage CAM tasks
  • Managing POA&Ms issues
  • View reports on authorization boundary elements
  • View package details in CAM Workspace
  • Apply overlays to the baseline controls
  • ATO artifacts for an authorization package
  • Generate ATO artifacts
  • CAM OSCAL
  • Export in OSCAL format
  • Export OSCAL catalog
  • Export OSCAL SSP
  • Export OSCAL POA&M
  • Export an OSCAL Assessment Plan
  • Export OSCAL Assessment Results
  • Import in OSCAL format
  • Import OSCAL catalog
  • Import OSCAL SSP
  • Import OSCAL Assessment Results (AR)
  • OSCAL Assessment Plan field mapping
  • OSCAL Assessment Results field mapping
  • OSCAL namespace
  • Analytics and Reporting Solutions for CAM
  • CAM Overview dashboard
  • AO Overview dashboard
  • SCA Overview dashboard
  • CAM reference
  • CAM user roles
  • Control Requirement Details View
  • Compliance impact on control requirements
  • Fields on the Authorization Boundary form
  • Fields on the Authorization Package form
  • Components installed with Continuous Authorization and Monitoring
  • Configuring ATO artifacts report templates
  • Install the add-in
  • Create content configurations for CAM
  • Word template form
  • Word template category form
  • Model Risk Management
  • Explore
  • Model Risk Workspace
  • Configure
  • Install Model Risk Management
  • Configure Model Workflow Settings
  • Use
  • Request a new model
  • New Model Intake form
  • Initiate a model risk assessment
  • Perform model risk assessment
  • Create a validation task
  • Perform model validation
  • Request evidence for model
  • Request evidence form
  • Approve or reject model assessment and validation tasks
  • Create an issue for model
  • Create an issue form
  • Create assessment in the Pre-deployment stage
  • Schedule assessment and validation tasks
  • Reassign model assessments and validations
  • Copy assessment responses
  • Override model ratings
  • Link existing documents to a model record
  • Reference
  • Model Risk Management email notifications
  • Roles installed with Model Risk Management
  • Tables installed with Model Risk Management
  • Operational Resilience
  • Explore
  • Key dependencies for Operational Resilience
  • Common Service Data Model for Operational Resilience
  • CSDM data workflow and business model views
  • Main node configurations: A component of the Data Relationship Framework
  • Node relationship configurations
  • Relationships between CSDM objects
  • Nexus map configurations
  • Node and edge configurations and property setting from the UI
  • Main node configuration source
  • Configure
  • Install Operational Resilience application
  • Assign Operational Resilience roles to users
  • Setting up pillars, entity types, entity filters, and entities
  • Set up pillars and entity types from Workspace UI
  • GRC Choices form
  • Entity type new record form
  • Set up pillars and entity types from Core UI
  • Configure the entity filters
  • Create new entity filter form
  • Activate the entity filters
  • Verify the configuration of entity filters
  • Generate entities automatically using a scheduled job
  • Add entities manually
  • Configure the Main node configurations
  • Main node configuration form
  • Configure the Node relationship configurations
  • Node relationship configuration form
  • Relationship registry record form
  • Configure the Nexus map configurations
  • Nexus map configuration form
  • Configure the Node configurations
  • Node configuration form
  • Configure the Node status configurations
  • Node status configuration form
  • Configure the Edge configurations
  • Edge configuration form
  • Configure the Edge status configurations
  • Edge status configuration form
  • Configuring Operational Resilience properties
  • Configuring 360º views for services and processes
  • Opres with CSDM header Main node configuration
  • Service (CMDB) Main node configuration
  • Business process to dependencies Main node configuration
  • Business service to dependencies Main node configuration
  • Service offering to dependencies Main node configuration
  • BCM dependencies related Main node configurations
  • Sample Services to dependencies configuration
  • Sample Application service to dependencies configuration
  • Sample end-to-end workflow for a business service
  • Sample end-to-end workflow for services
  • Completing general administrative tasks
  • Create a scenario and link it to an event
  • Scenario New record form
  • Create an event group for the scenario
  • GRC Choice New record form
  • Create an event for the scenario
  • Event New record form
  • Add a participant role for the scenario analysis
  • GRC Choice New record form for participant roles
  • Update the Important choices module
  • GRC Choices form
  • Set up the Importance and Impact Tolerance Rating Scale
  • Rating Scale New Record form
  • Create and edit the attestation template
  • Assessment Metric Type New Record form
  • Create a Smart Assessment template
  • Set up Legacy assessment template
  • Assessment Metric Type form
  • Create HTML and PDF document templates
  • HTML Template form
  • Show Business services overview tab in Workspace view
  • Setting up the Operational vulnerability module
  • Set up the Operational vulnerability type
  • Vulnerability Type form
  • Set up the State model and Action task model
  • GRC state model form
  • Define the state transitions model
  • Set up the Vulnerability Assessment Template
  • Assessment metric type form
  • Set up the Document Template
  • HTML Template form
  • Manage
  • Gathering data aligned with the CSDM setup
  • Using the flexible data model
  • Data setup for business services
  • Add a service to Operational Resilience reporting
  • Create New Service form
  • Add a business service to Operational Resilience reporting
  • Create New Business Service form
  • Add a service offering to Operational Resilience reporting
  • Create New Offering form
  • Add a business process to Operational Resilience reporting
  • Create New Business Process form
  • Add an application service to Operational Resilience reporting
  • Create New Service Instance form
  • Verify the Main node configurations and relationships
  • Execute the scheduled jobs
  • Interacting with the Nexus map UI from the Workspace
  • Fetching dependencies from the CMDB and BIA
  • Performing Importance and impact tolerance assessment
  • Create an Importance and impact tolerance assessment
  • Create New Importance and impact tolerance assessment form
  • Define the scope and begin the assessment
  • Submit the assessment
  • Request an approval for the assessment
  • Close the assessment
  • Certifying services using self-attestation
  • Perform the self-attestation assessment
  • Create New Self attestation form
  • Submit the self-attestation report
  • Managing Operational vulnerability
  • Operational vulnerability
  • Reporting Operational vulnerability
  • Report an Operational vulnerability from the Employee Center
  • Report operational vulnerability form
  • Assign the reported vulnerability to an analyst
  • Report an Operational vulnerability from the module
  • Create New Operational vulnerability form
  • Report an Operational vulnerability from the Importance assessment
  • Report an Operational vulnerability from the Scenario analysis
  • Report an Operational vulnerability from the Self-attestation module
  • Report an Operational vulnerability from the Service record
  • Add the primary origin
  • Primary origin form
  • Add the impacted area
  • Impacted area form
  • Update the state of the operational vulnerability
  • Creating an action task for the operational vulnerability
  • Manage an assessment-type action task
  • Create New Action task form
  • Reassign or accept the assigned action task
  • Perform an assessment on the action task
  • Manage an investigation-type action task
  • Request an approval for the action task
  • Decide the treatment and perform a root cause analysis
  • Add or create an issue for the operational vulnerability
  • Request an approval
  • Approve the operational vulnerability
  • Close the operational vulnerability
  • Maintaining Digital resilience third-party registers
  • Exploring Digital resilience third-party registers
  • Use cases for updating the information registers
  • Register of information regulatory packages
  • Validation framework for Register of Information in Operational Resilience
  • Configuring Digital resilience third-party registers
  • Creating and reviewing the records
  • Validate the Register of Information packages
  • Display the help tips on the forms
  • Using Digital resilience third-party registers
  • Create a legal entity and enhance digital resilience data
  • Create New Company form
  • Create New Legal entity form
  • Create a branch and enhance digital resilience data
  • Create New Branch form
  • Create a function and enhance digital resilience data
  • Create Function form
  • Create a third party and enhance digital resilience data
  • Create New Company form
  • Create New ICT third-party service provider form
  • Create a third-party engagement and enhance digital resilience data
  • Add Digital resilience information to third-party engagements
  • Create New Third party engagement form
  • Create a contract and enhance digital resilience data
  • Create New Contract form
  • Create New Contractual arrangement form
  • Create a supply chain and enhance digital resilience data
  • Create New ICT service supply chain form
  • Create an assessment and enhance digital resilience data
  • Create New Assessment of the ICT service
  • Create Microsoft Excel download and upload request
  • Create New Excel download/upload request form
  • Currency conversion and third-party aggregation
  • Convert and aggregate contractual expenses to regulator-required currencies
  • Create records in bulk
  • Update existing records in bulk
  • Generate a register of information package
  • Using Digital resilience incident reporting
  • Explore
  • Configure
  • Set up entities for the targets
  • Map regulations to the entities
  • Set up DRIR Smart Assessment templates in the Assessment Workspace
  • Set up action task templates in Regulatory agency profile
  • Set up the flows in Flow Designer
  • Manage
  • Reporting incidents from SOW and SIR Workspace in DRIR
  • Report a major incident from Incident Management
  • Report a major incident from Security Incident Response
  • Report a major incident manually
  • Create New Digital Resilience Incident form
  • Reporting incidents or security incidents for multiple regulations
  • Complete action tasks and report incidents associated with regulations
  • Generating Microsoft Word reports using Document designer
  • Install the Document designer with Word application
  • Create Template configurations
  • Create Data relationships
  • Create Content configurations
  • Download the manifest file
  • Build the Microsoft Word template using the add-in
  • Generate a Microsoft Word report
  • Creating or adding an issue
  • Create New Issue form
  • Landing page and dashboard views
  • Resilience metrics
  • Business services overview tab
  • Services overview tab
  • Pillars overview tab
  • Task page and List view
  • Reference
  • Properties installed with Operational Resilience
  • Roles installed with Operational Resilience
  • Scheduled jobs installed with Operational Resilience
  • Script includes installed with Operational Resilience
  • Tables installed with Operational Resilience
  • Tables relevant to CSDM
  • Tables relevant to Operational vulnerability
  • Digital resilience third-party registers reference
  • Roles installed with Digital resilience third-party registers
  • Tables installed with Digital resilience third-party registers
  • Digital resilience incident reporting reference
  • Roles installed with Digital resilience incident reporting
  • Script includes installed with Digital resilience incident reporting
  • Tables installed with Digital resilience incident reporting
  • Policy and Compliance Management
  • Explore
  • Structural overview
  • An overview of policy life cycle in Policy and Compliance Management
  • Implement
  • Implement setup checklist
  • Download
  • Quick start tests
  • Perform
  • Assign roles
  • Set properties
  • Mandatory setup
  • Create policy
  • Create control objective
  • Relate control objective
  • Create control attestation
  • Create control indicator
  • Enhancement steps
  • Create article template
  • Create or deactivate citation
  • Set notification properties
  • Set up GRC Virtual Agent
  • Allow policy exception requests
  • Configure policy exceptions
  • Register other applications
  • Define policy exception reason choices
  • Define policy categories
  • Create exception questionnaire
  • Define policy exception verification rules
  • Define policy exception approval rules
  • Define policy extension approval rules
  • GRC Approval Configurator
  • Enable GRC Approval Configurator
  • Define policy exception and extension rules
  • Classic UI
  • Manage
  • Create policy
  • Approve and publish policy
  • Acknowledge policy
  • Set up campaign
  • Create audience
  • Submit acknowledgement request
  • Respond to acknowledgement request
  • Work with acknowledgements
  • Retire policy
  • Create article template
  • Create control objective
  • Deactivate a control objective
  • Relate control objective
  • Relate control objective
  • Create or deactivate citation
  • Create authority document
  • Deactivate authority document
  • Manage policy exceptions and extensions
  • Request policy exception
  • Request policy extension
  • Review policy exception and extension
  • Request policy exception
  • Request policy extension
  • Integration with Vulnerability Response
  • Manage issues
  • Manually create issues
  • Group issues under new parent
  • Group issues under existing parent
  • User hierarchy access control
  • Report self-identified issues
  • Triage self-identified issue
  • Remediate issue
  • Manage UCF integration
  • Activate Compliance UCF
  • Configure UCF integration through API key
  • Configure UCF integration using UCF CCH
  • integrate with UCF Common Controls Hub
  • Create Now Support Case
  • Download UCF Shared list
  • Eliminate duplicate citations
  • Manage controls
  • Create control
  • Follow control
  • Attest control
  • Create multiple controls
  • Manage control attestations
  • Manage control indicators
  • Monitor controls
  • Manage evidence requests
  • Evidence request workflow
  • Request evidence during audits
  • Reuse evidence from related engagement items
  • Provide requested evidence
  • Approve evidence
  • Review and manage evidence requests
  • Enable Related Evidence related list
  • Manage GRC tasks from Employee Center
  • Report GRC issues
  • Create policy exception
  • Complete control assessments
  • Policy knowledge base
  • Group similar assessments
  • GRC Compliance workspace
  • Compliance Workspace
  • Compliance Manager home
  • Compliance Analyst home
  • IT Compliance Manager home
  • Configure
  • Configure IT compliance manager data filter
  • Use
  • Manage control objectives and policies
  • Create policy
  • Manage compliance of policy
  • Approve and publish policy
  • Acknowledge policy
  • Set up policy acknowledgement campaign
  • Create audience
  • Submit acknowledgement request
  • Respond to acknowledgement request
  • Retire policy
  • Create article template
  • Create control objective
  • Manage control objective
  • Control assessment through attestation
  • Respond to attestations from Employee Center
  • Respond to attestations on the Risk Portal
  • Respond to attestations from Compliance Workspace
  • UI updates for GRC attestation
  • Group assessments for control attestations
  • Combine assessments for control attestations
  • Perform CRI tiering questionnaire
  • Perform CRI profile assessment
  • Deactivate control objective
  • Relate control objective to policy
  • Relate control objective to citation
  • Create citation
  • Create authority document
  • Deactivate authority document
  • Manage policy exceptions and extensions using the Compliance Workspace
  • Request a policy exception using the Compliance Workspace
  • Manage policy exception from the overview page
  • Review the policy exception and extension request using the Compliance Workspace
  • Assess risks of policy exception using advanced risk assessments
  • Set up advanced risk assessments for policy exception
  • Manage issues using the Compliance Workspace
  • Manually create GRC issues using the Compliance Workspace
  • Compliance Workspace issue form details
  • Group similar issues under a new parent issue using the Compliance Workspace
  • Group similar issues under an existing parent issue using the Compliance Workspace
  • Linking issues to multiple objects using Many-to-many table relationship
  • Triage self-identified issues
  • Remediate an issue using the Compliance Workspace
  • Manage controls using the Compliance Workspace
  • Create a control using the Compliance Workspace
  • Linking automatically generated issues to a control in Many-to-many relationship
  • Testing common control and implementing results on multiple reliant entities
  • Convert standard control to common control and add reliant entities
  • Impact of common control on compliance score calculation
  • Entity enhancements to support common controls
  • Group assessments for similar assessments
  • Compliance score calculation of an entity
  • Set up the steps required for entity compliance score calculation
  • Determining the logic in calculating compliance score
  • Manage control indicators using the Compliance Workspace
  • Create a control indicator using the Compliance Workspace
  • Create a GRC indicator template using the Compliance Workspace
  • Performance enhancements for Indicator nightly job
  • Manage evidence requests using the Compliance Workspace
  • Request evidence during audits using the Compliance Workspace
  • Provide requested evidence using the Compliance Workspace
  • Approve evidence before evidence review using the Compliance Workspace
  • Accept, reject, or cancel an evidence request using the Compliance Workspace
  • Review related evidence using the Compliance Workspace
  • Control objective workflow
  • Enable the control objective workflow
  • Create and publish a control objective
  • Edit a published control objective
  • Configure approval rules for control objective review
  • View dashboards in Compliance Workspace
  • Policy authoring and redlining in Compliance Workspace
  • Import policy text for redlining
  • Pre-requisites to enable policy redlining feature
  • Creating and associating policy texts from Cloud documents
  • Personal authentication and document access permissions in policy authoring
  • Enable personal authentication for policy authoring
  • Connection and credential alias for personal authentication in Policy authoring
  • Create and associate a policy text document in Microsoft OneDrive
  • Connect an existing document in Microsoft OneDrive to policy
  • Upload a Microsoft Word document to Microsoft OneDrive
  • Create and associate a policy document in Microsoft SharePoint
  • Connect an existing document in Microsoft SharePoint
  • Upload a Microsoft Word document to Microsoft SharePoint
  • Create and associate a policy text document in Google Drive
  • Connect an existing document from Google Drive to policy
  • Upload a Microsoft Word document to Google Drive
  • Sync document and view policy text
  • Provide document access to policy users
  • Complete publishing checklist and request policy approval
  • View the history of a redlining-enabled policy
  • Set up dynamic approval configuration on a policy record
  • Policy dynamic approval setup
  • Policy dynamic approval setup with redlining
  • 360° Relationship Visualization for Policy and Compliance Management
  • Policy as Code Engine for Preventive compliance management
  • Configure compliance data source registry
  • Map PaCE policy to a control objective
  • GRC: Policy and Compliance integrator
  • Workflow for GRC: Policy and Compliance integrator
  • Use Policy and Compliance integrator
  • Manage content integration batch records
  • Assign library import task
  • Approve library import task
  • DevOps Accelerator plugin
  • Manage continuous monitoring for controls between Configuration Compliance and Policy and Compliance Management
  • Managing mobile experience for GRC Policy and Compliance
  • Setup checklist for the GRC Mobile application
  • Log in to the GRC Mobile application
  • Process pending Policy and Compliance Management approval requests with the GRC Mobile application
  • Process pending approvals for Policy exceptions with the GRC Mobile application
  • Assign Policy and Compliance Management indicator tasks with the GRC Mobile application
  • Assign Policy and Compliance Management issues with the GRC Mobile application
  • Assign Policy and Compliance Management remediation tasks with the GRC Mobile application
  • Reassign overdue Policy and Compliance Management attestations with the GRC Mobile application
  • Reassign overdue Policy and Compliance Management issues with the GRC Mobile application
  • Filter records with the GRC Mobile application
  • Policy and Compliance Management reference
  • Components installed with Policy and Compliance Management
  • Domain separation in GRC: Policy and Compliance Management
  • Analytics and Reporting solutions for GRC: Policy and Compliance Management
  • Compliance Overview Performance Analytics dashboard
  • Policy Overview Performance Analytics dashboard
  • Policy Exception Overview Performance Analytics dashboard
  • Policy Acknowledgement dashboard
  • My Attestation Overview dashboard
  • GRC Attestation Overview dashboard
  • NIST Cybersecurity Framework Overview dashboard
  • NIST Framework Profiling Overview dashboard
  • Application Risk and Compliance Overview dashboard
  • Privacy Management
  • Explore
  • Processing activities
  • Understanding Processing activity hierarchy
  • Hierarchy tab
  • Classic assessments
  • Smart assessments
  • Risk assessments
  • Risk Assessment Methodology (RAM)
  • Privacy assessment configurations
  • Information objects
  • Privacy Workspace for the privacy manager
  • Processing activity tab
  • Risk and compliance tab
  • Operations tab
  • Privacy cases tab
  • Privacy Workspace for the privacy analyst
  • Privacy Management solution
  • Data subject types
  • Configure
  • Download application
  • Manage information objects
  • Create
  • Configure categories
  • Classify as personal information
  • Configure smart assessment templates for screening assessments
  • Configure smart assessment templates for impact assessments
  • Create a privacy assessment
  • Write a processing activity script
  • Map a control objective to a question response
  • Map an information object to a question response
  • Map a risk statement to a question response
  • Map the processing activity fields to a question response
  • Create and validate an assessment configuration
  • Map a table with a processing activity
  • Use
  • Entity scoping to plan a privacy program
  • Discover processing activities involving personal data
  • Types of privacy assessments
  • Initiating privacy assessments
  • Send a privacy assessment from an entity
  • New privacy assessment creation form
  • Send a privacy assessment to multiple entities
  • Send a privacy assessment from a processing activity
  • Send privacy assessments from multiple processing activities
  • Create a Risk Assessment Methodology
  • Risk assessment methodology form
  • Respond to a smart assessment
  • Respond to a screening assessment
  • Review a privacy assessment
  • Create or update a processing activity
  • Create or manage an information object
  • Modify an information object
  • Add data subject type to a processing activity
  • Add data subject type to privacy impact assessment
  • Classify data subject type as vulnerable
  • Add a regulatory agency
  • Regulatory agency form
  • Create a lineage for a processing activity
  • Edit a lineage
  • Delete a lineage
  • Update maximum node level
  • Create or manage a control on a processing activity
  • Delete a control from a processing activity
  • Create or manage risks on a processing activity
  • Manage chat collaborations of a processing activity
  • Create or add issues on a processing activity
  • Access control by legal entity
  • Configuring access control
  • Entity-based access configuration
  • Create an entity configuration
  • Add hierarchical relationships
  • Set access restrictions using an entity based record access update utility
  • Set Entity-based record access rules
  • Integrate Employee Center and Risk portal
  • Privacy Case Management
  • Explore
  • Home page
  • Overview page
  • Workflow
  • Smart assessments
  • Privacy breach assessments
  • Overview page of a breach assessment
  • States of a privacy breach assessment
  • Elements of a privacy breach assessment
  • Configure
  • Install
  • Create a view rule
  • View rule form
  • Create an assignment rule
  • Assignment rule form
  • Create state model transition
  • Define the workflow states for a privacy case
  • Define model state transitions
  • GRC model state transition condition form
  • Create a privacy case assessment template
  • Assessment metric type form
  • Configure inbound email to enable privacy case creation
  • Configure Record Type Area
  • Configure privacy breach assessment
  • Create a breach factor type
  • Create breach factors
  • Create a PI data element type
  • Create PI data elements
  • Create a region
  • Create a jurisdiction
  • Use
  • Report a privacy case
  • Report a privacy case from the Employee Center
  • Employee Center privacy case creation form
  • Create a privacy case in the Privacy Workspace
  • Privacy new case form
  • Report a privacy case through email
  • Report a privacy case anonymously
  • Anonymous privacy case form fields
  • Initiate a breach assessment from a case
  • Work on a privacy breach assessment
  • Case task workflow
  • Create a case task
  • Case task form
  • Work on a case task
  • Reassign an assessment type case task
  • Review and close a case task
  • Add an impacted area to a privacy case
  • Add PI information objects to a privacy case
  • Add key stakeholders to a privacy case
  • Add a related area to a privacy case
  • Add causes and consequences to a privacy case
  • Cause and consequence form
  • Add a privacy regulation related to a case
  • Add or create an issue for a privacy case
  • Export a privacy case as a PDF
  • Send an email from a privacy case
  • Perform smart assessment on privacy action task
  • Integrate for RadarFirst
  • Reference
  • Components installed with Privacy Case Management
  • Personal Data Rights (PDR)
  • Explore
  • Workflow
  • Workspace
  • Configure
  • Configure request type
  • Personal Data Rights request type form
  • Create an action task template
  • Create a data registry
  • Generate action tasks for a request
  • Use
  • Create request from PDR Workspace
  • Personal data rights request form
  • Add action tasks to a request
  • New action task form
  • Accept and work
  • Now Assist for Privacy Management
  • Install Now Assist for Privacy Management
  • Use Risk assessment summarization skill to generate summary
  • Summarize an issue
  • Use Recommendation of similar control objectives skill to generate suggestions
  • Act on the recommendations
  • Review rationalization process
  • Case summarization for privacy cases
  • Summarize a privacy case
  • Reporting
  • Home page
  • Processing activity overview page
  • Reference
  • Tables installed
  • Roles installed
  • Roles and tables installed with PDR
  • Email notifications
  • Uses of a processing activity
  • Workflow
  • Domain separation
  • Regulatory Change Management
  • Explore
  • RCM in the Compliance Workspace
  • Differences between regulatory event alert and source document alert
  • Regulatory process flow and tasks
  • Source document import tasks
  • Impact assessments for the regulatory alerts
  • Regulatory assessment for a regulatory alert
  • Next Experience Discuss and Chat Collaboration
  • Now Assist in RCM
  • Configure
  • Download and install
  • Setup checklist
  • Set up the RSS feeds infrastructure
  • Activate and pull RSS feeds
  • Set up RSS feed sources
  • Map the taxonomy
  • Configure a provider taxonomy configuration record
  • Manage feed request responses
  • Admin module
  • Integrate
  • Overview of RSS feeds
  • General guidelines
  • Overview of regulatory taxonomy
  • Use
  • Create an action task
  • Create an issue related to regulatory tasks
  • Regulatory Change Management Core UI
  • Regulatory alerts
  • Perform actions on regulatory alerts
  • Add an AI-recommended citation to a regulatory alert
  • Manage and assign regulatory event alerts
  • Train and use the similarity solution to recommend citations on regulatory alerts
  • Auto-assign configuration for regulatory alerts
  • Similarity Definition Form
  • Manage and assign source document alerts
  • Regulatory change tasks
  • Users and associated actions for the regulatory change tasks
  • Manage the regulatory change tasks
  • Source document import tasks
  • Users, associated actions, and states for the source document import tasks
  • Manage the source document import tasks
  • Manage regulatory tasks
  • Regulatory alerts
  • Link Change tasks
  • Change tasks
  • Link Action tasks
  • Regulatory event alerts view
  • Impact radius for regulatory events
  • Source document alerts
  • Respond to a regulatory assessment
  • Respond to a regulatory alert risk assessment
  • Assess the impact of a regulatory alert
  • Create regulatory event alerts manually
  • Assign a regulatory event alert to a coordinator
  • Assess the impact of a regulatory event alert
  • Manage regulatory change tasks
  • Regulatory Change Task form
  • Manage a source document import task
  • Assign a source document alert to a coordinator
  • Create a new action task for the alert
  • Complete the action task associated with the alert
  • Create or add an issue related to a regulatory task
  • Create New Issue form
  • Associating an AI-recommended citation to an open regulatory alert
  • Action tasks in Regulatory Change Management
  • Import the regulatory event alerts in bulk
  • Manage the taxonomy
  • Export a report to PDF
  • Overview page and dashboard views
  • Tasks page in the Compliance Workspace
  • Reference
  • User roles
  • Types of alerts, user roles, and states of regulatory alerts
  • Email notifications in Regulatory Change Management
  • Roles and tables installed with Regulatory Agency Library
  • Risk Management
  • Explore
  • GRC Risk Workspace
  • Risk Workspace for the operational risk manager
  • Risk Workspace for the business operational risk manager
  • Risk Workspace for the IT risk manager
  • User experience enhancements in the Risk Workspace
  • GRC Risk Portal
  • Advanced Risk Assessments in the Risk Workspace
  • Advanced Risk Assessment
  • Workflow of Advanced Risk Assessment
  • Factors in Advanced Risk Assessment
  • Types of risk rating methodologies
  • Transformation criteria
  • Any object assessment using Advanced Risk Assessment
  • Delegation of risk assessment
  • Understanding the risk assessment instance
  • Managing risk responses
  • Risk score rollup in Advanced Risk Assessment
  • Privacy risk management
  • Risk score rollup in Privacy Management
  • Manage risk assessment scheduler
  • Integration of advanced risk assessments with risks and controls
  • Risk appetite and tolerance in Advanced Risk
  • Target risk assessment in Advanced Risk
  • Manage risk events
  • Business process management
  • Exploring the entities
  • Entities
  • Entity types in GRC
  • Entity classes in GRC
  • Entity tiers in GRC
  • Manage risks, risk statements, and risk frameworks
  • Workflow of a risk using Advanced Risk
  • Manage risks linked to the same risk statement
  • Risk hierarchy and scoring
  • Association of entities at any level of a risk statement
  • Manage classic risk assessments
  • Risk indicators, control indicators, and indicator templates
  • Manage risk issues and remediation
  • Reporting views from Risk Assessment Methodology
  • Configure
  • Risk Management implementation
  • Download Risk Management
  • Install Risk Management
  • Setup checklist for the Risk Management application
  • Setup checklist for GRC Advanced Risk
  • Download Advanced Risk
  • Risk Management detailed setup
  • Quick start tests for GRC Advanced Risk
  • Configure Risk Management
  • Risk Management Administration
  • Quick start tests for Risk Management
  • Set up checklist for the GRC Mobile application
  • Risk appetite setup
  • Configure a risk appetite and tolerance in Advanced Risk
  • Set up a risk appetite scale
  • Change a risk appetite status
  • Modify Advanced Risk messages
  • Create related list groupings in Advanced Risk
  • Integrate
  • Project Risk Assessment using Advanced Risk Assessment
  • Workflow of project risk assessment
  • Configure Project Portfolio Management and Advanced Risk integration
  • Assign project risks to stakeholders for assessment
  • Assess project risks using Advanced Risk Assessment
  • Elevate a project risk to enterprise risk
  • Application risk assessment using Advanced Risk Assessment
  • Workflow of risk identification for business applications
  • Set up risk identification integration
  • Respond to an application questionnaire
  • Create a smart assessment template for risk identification
  • Review responses and perform inherent risk assessment
  • Associate risks, citations, policies, and controls with a risk identification record
  • Recommendation engine for risk and compliance mapping
  • Information objects
  • Integration of advanced risk assessment with other applications
  • Integration of Employee Center and GRC
  • Manage continuous monitoring for risks between Risk Management and Vulnerability Response
  • Integrating Microsoft 365 with Management Reporting of Risk
  • Workflow of Management Reporting of Risk
  • Install the ServiceNow Reporting add-in for risk reporting
  • Set up Microsoft 365 reporting configuration in risk
  • Configure a business domain role in Management Reporting of Risk
  • Add additional reporting configuration filters for a Microsoft 365 configuration record in risk
  • Add the ServiceNow Document designer add-in into Microsoft Word
  • Import risk data in to a Microsoft Word
  • Use
  • Mobile experience for GRC Risk Management
  • Log in to the GRC Mobile application
  • Process pending Risk acceptance tasks with the GRC Mobile application
  • Assign Risk Management indicator tasks with the GRC Mobile application
  • Assign Risk Management issues with the GRC Mobile application
  • Assign Risk Management remediation tasks with the GRC Mobile application
  • Reassign overdue Risk Management assessments with the GRC Mobile application
  • Reassign overdue Risk Management issues with the GRC Mobile application
  • Filter records with the GRC Mobile application
  • Use Risk Events
  • Configure risk event integration
  • Create a risk event response template
  • Risk Event Response Template form
  • Define a threshold amount for the risk event response template
  • Financial Impact Approval Thresholds
  • Report risk events from the Service Portal
  • Report a risk event from Employee Center
  • Report a risk event from an incident
  • Create a risk event task
  • Analyze a risk event
  • Create a risk event entry
  • Approve a risk event
  • Close a risk event
  • Reopen a closed risk event
  • Add a risk event cause to the cause library
  • Add a risk event consequence to the consequence library
  • Set up GRC Virtual Agent to report risk events
  • Perform Advanced Risk Assessment
  • Create a manual factor
  • Create a group factor
  • Scoring logic for predefined formulas for group factors
  • Create an automated factor
  • Create a scripted automated factor
  • Copy a factor
  • Configure a risk assessment methodology
  • Risk Assessment Methodology form
  • Copy a risk assessment methodology
  • Retire a risk assessment methodology
  • Configure an inherent assessment
  • Inherent Assessment form
  • Configure a control effectiveness assessment
  • Control Assessment form
  • Configure a residual assessment
  • Residual Assessment form
  • Configure a target assessment
  • Target assessment form
  • Create risk color styles
  • Configure risk heatmaps
  • Create a risk assessment scope and initiate assessments
  • Simulate a risk assessment
  • Assess risks and objects on an assessment instance
  • Assess risks
  • Create a risk assessment using the Risk Assessment Designer
  • Create an assessment type
  • Assess risk for a policy exception
  • Assess a risk
  • Manage a business process
  • Create a business process
  • Approve, reject, or delete a business process
  • Create a risk framework and associate risk statements to it
  • Define risk statement hierarchy
  • Create a risk statement
  • Visualize risk hierarchies using the GRC: Workbench
  • Generate a risk from a risk framework
  • Generate a risk from a risk statement
  • Relate risks to each other
  • Create a risk manually
  • Follow a risk
  • Add a control to a risk
  • Manually create issues
  • Report issues from the Service Portal
  • Issue assignment using the Governance, Risk, and Compliance Predictive Intelligence plugin
  • Train and use the similarity solution definition for issue assignment prediction
  • Use entity and risk dependencies using the GRC: Workbench
  • Activate GRC: Workbench
  • Create entity class using the GRC: Workbench
  • Create relationships between entity classes using the GRC: Workbench
  • Associate a risk framework or risk statement with an entity type to generate risks
  • Visualize and edit entity dependencies using the GRC: Workbench
  • Delete entity dependencies using the GRC: Workbench
  • Delete an entity class using the GRC: Workbench
  • Create a risk using the GRC: Workbench
  • Visualize and edit risk dependencies using the GRC: Workbench
  • Delete risk dependencies using the GRC: Workbench
  • Monitor risks using GRC Performance Analytics Indicators
  • Activate performance analytics integration
  • Associate PA indicator with risk or control objective
  • Associate PA indicator with risk or control
  • Update associated indicators
  • Create GRC indicator template
  • Create a risk indicator
  • View the Risk Overview
  • Use Risk Workspace
  • Create a risk framework in the Risk Workspace
  • Create a risk statement in the Risk Workspace
  • Associate a risk statement with a control objective in the Risk Workspace
  • Common controls in Risk Management
  • Create and run a manual risk indicator in the Risk Workspace
  • Create and run a basic risk indicator in the Risk Workspace
  • Create and run a scripted risk indicator in the Risk Workspace
  • Issue management in the Risk Workspace
  • Create a risk assessment scope in the Risk Workspace
  • Schedule risk assessments in the Risk Workspace
  • Perform advanced risk assessment in the Risk Workspace
  • Perform any object assessment in the Risk Workspace
  • Workflow of risk response task
  • Workflow of action item in risk response task
  • Create a risk response task in the Risk Workspace
  • Create an action item in the risk response task
  • Create New Action Item form
  • Workflow for risk identification in the Risk Workspace
  • Create a risk event in the Risk Workspace
  • Associate similar risk events
  • Categorizing risks with the Governance, Risk, and Compliance: Predictive Intelligence plugin
  • Analyze a risk event in the Risk Workspace
  • Create a risk event entry in the Risk Workspace
  • Create an ORX external event
  • Report a risk event from the Risk Portal
  • Chart colors for risk data
  • Create a business process in the Risk Workspace
  • Add related assets to a business process
  • Create a test plan in Risk Workspace
  • Filter data in the risk heatmap workbench
  • Define the risk appetite for an entity
  • Risk appetite fields on the Entity form
  • Define the risk appetite for a risk
  • Risk appetite fields on the Risk form
  • Define the risk appetite for a risk statement
  • Risk appetite fields on the Risk Statement form
  • Parallel Review and Feedback in Advanced Risk
  • Parallel Review and Feedback workflow
  • Feedback dashboard
  • Configure a feedback integration
  • Feedback integration configuration form
  • Create feedback in Advanced Risk
  • Create feedback in the Risk Workspace
  • Create New Feedback form
  • Create Feedback from the record side panel
  • Feedback Details form
  • Initiate a chat from Sidebar in Parallel Review and Feedback
  • Respond to the feedback
  • Review and close the feedback
  • Roles for Parallel Review and Feedback
  • Risk assessment project
  • Workflow of risk assessment project
  • Create a risk assessment project
  • Perform assessment on a risk assessment project in stacked view
  • Perform assessment on a risk assessment project in grid view
  • Reassess a risk assessment project
  • Reassign assessor for a risk assessment project
  • Matrix report in Risk Workspace
  • Configure Matrix report registry
  • Create Matrix report configuration for Risk Workspace
  • Matrix report configuration form
  • View matrix report in the landing page and record page of Risk Workspace
  • GRC: Metrics in Integrated Risk Management
  • Explore
  • Components of GRC: Metrics
  • Metric definition types
  • Thresholds in Integrated Risk Management
  • Metric data table
  • Configuring metrics
  • Create a manual metric definition
  • Create New Metric Definition form
  • Create an assignment configuration
  • Create an automated metric definition
  • Automated metric definition form
  • Create a calculated metric definition
  • Calculated metric definition form
  • Formula building in a calculated metric definition
  • Configure the formula builder
  • Create a formula
  • Update a metric definition
  • Create a metric
  • Create New Metric form
  • Create a metric unit
  • Convert metric data to a different unit
  • Update a metric
  • Update a manually created metric
  • Create a threshold for a metric definition
  • Metric Definition Threshold form
  • Copy thresholds
  • Customize threshold colors
  • Using GRC: Metrics to provide data
  • Provide data for a metric data task
  • Provide responses for multiple metrics
  • Review a metric data task
  • Override metric data task response
  • Override metric data
  • Reviewing calculation details with formula trees
  • View the calculation breakdown in a formula tree
  • Reference
  • Components installed with the GRC: Metrics application
  • Analytics and reporting solutions for Risk Management
  • Operational risk heatmap for Advanced Risk Assessment in the Risk Workspace
  • Risk heatmap for classic risk assessment
  • Risk heatmap workbench
  • Operational Risk Management dashboard
  • GRC Advanced Risk plugin indicators
  • GRC Audit Management plugin indicators
  • GRC Policy and Compliance Management plugin indicators
  • GRC Risk Management plugin Performance Analytics indicators
  • GRC Profiles plugin indicators
  • Risk register in the Risk Workspace
  • Project Risk Overview dashboard
  • Risk Identification Overview dashboard
  • Basel dashboard
  • GRC Risk Overview dashboard
  • Advanced Application Risk dashboard
  • Performance Analytics dashboards for risk events and risk hierarchy
  • Advanced risk assessment dashboard
  • Reference
  • Components installed with Risk Management
  • Roles installed with Risk Management
  • Roles installed with the GRC Risk Workspace
  • Properties installed with Risk Management
  • Tables installed with Risk Management
  • Components installed with Advanced Risk
  • Tables installed with Advanced Risk
  • Roles for performing advanced risk assessment
  • Properties installed with Advanced Risk
  • Business process roles
  • Domain separation in Risk Management
  • Smart Assessment Engine
  • Exploring Smart Assessment Engine
  • Accessing templates in the Assessment Workspace
  • Domain separation and Smart Assessment Engine (SAE)
  • Configure
  • Triggering assessments
  • Configure the Trigger Smart Assessment Flow action
  • Trigger assessments from a script
  • Creating an assessment template from legacy assessment metric types
  • Migrate a legacy metric type to an assessment template
  • Manage
  • Use template designer
  • Create an assessment template
  • Create assessment template form
  • Add instructions and questions to an assessment template
  • Create a text question
  • Create a drop-down list question
  • Create a radio button question
  • Create a check box question
  • Create a number question
  • Create a reference question
  • Create an attachment question
  • Create a date question
  • Create a code question
  • Add reference information to an assessment template
  • Create an assessment template category
  • Copy an assessment template
  • Scoring assessments
  • Scoring results
  • Configure scoring for an assessment
  • Scoring forms
  • Normalization in assessment
  • Score normalization
  • Configure normalization in assessment
  • Create a normalization strategy
  • Edit a normalization strategy
  • Retire a normalization strategy
  • Delete a normalization strategy
  • Automate response
  • Configure an automatic response for a question
  • Post-assessment automations
  • Configure post-assessment actions
  • Link subflow to template category
  • Quick edit for published templates
  • Modify a published template using quick edit
  • Respond to assessments
  • Respond to an assessment
  • Submit an assessment
  • Reassign an assessment
  • Filtering questions in an assessment
  • Filter questions in an assessment
  • Adding attachments to assessment
  • Adding comments to assessments
  • Cancel assessment
  • Copying responses from previous assessments
  • Combining assessments and copying responses
  • Submit combined assessments
  • Collaboration in assessments
  • Manage assessment contributors
  • Now Assist
  • Explore
  • Smart assessment response assist skill
  • Configure
  • Activate smart assessment response assist skill
  • Create an assessment template category
  • Use generative AI skills
  • Generate AI-driven draft responses for smart assessment
  • Reference
  • Components installed with Smart Assessment Engine
  • Roles installed in Smart Assessment Engine
  • Trigger Smart Assessment flow action
  • Settings in the Test action pop-up window
  • Trigger Smart Assessment action form
  • How legacy metric types are migrated to sections in templates
  • Results of migrating a metric category to an assessment template
  • Third-party Risk Management
  • Explore
  • Risk profile
  • Why conduct due diligence
  • Types of due diligence
  • Reasons for multiple engagements with one third party
  • Types of engagement with third parties
  • Regulations that affect third-party risk
  • Benefits of your TPRM program
  • Onboarding third party example
  • Due diligence workflow
  • Smart Assessment Engine
  • Configure
  • Assign roles to users and groups
  • Add users to groups
  • Configure properties
  • Enable risk concentration map
  • Enable email with third-party contacts
  • Update email notification header and footers
  • Import existing data
  • Configure related lists for vertical navigation on record pages
  • Run quick start tests
  • Classic assessments
  • Risk rating scales for scoring
  • Third-party risk domains
  • Third-party risk area criteria
  • Component criteria
  • Third-party risk scoring rules
  • Engagement risk scoring rules
  • Event-driven management rules
  • View the run history
  • View generated assessments
  • Recall event-driven questionnaires and doc requests
  • Normalize scores for metrics
  • Set up a question bank
  • Define a question
  • View the sample questions
  • Create an external assessment template
  • Configure a scheduled risk assessment
  • Import a questionnaire from a spreadsheet
  • Create a questionnaire or document request template
  • Create templates using the designer
  • Create an issue generation rule
  • Set up internal responses to attach external questionnaires to assessments
  • Smart Assessment Engine assessments
  • Migrating from Classic Assessment Engine to Smart Assessment Engine
  • Migrate templates to SAE format
  • Create a TPRM SAE questionnaire or document request template
  • Managing TPRM SAE templates with Unified Content Management
  • Activate or update Smart Assessment templates
  • Integrate
  • TPRM with Policy and Compliance Management
  • Add a control
  • Create new control form
  • Add a control objective
  • Control objectives form
  • TPRM with Risk Management
  • Add a risk
  • Create new risk form
  • Scores from risk intelligence providers
  • Register a risk intelligence provider
  • Set up a risk intelligence provider service
  • Set up a provider request type
  • Add a risk intelligence score to a third party
  • Automate actions upon risk intelligence updates
  • TPRM with EcoVadis
  • Create an EcoVadis connection and configuration
  • Customize EcoVadis system properties
  • View EcoVadis scores
  • Risk intelligence providers
  • Request due diligence
  • Request engagement due diligence
  • Offboarding engagements without due diligence
  • Assess third-party risk
  • Create internal assessments
  • Respond to internal assessments
  • Create external assessments
  • Respond to questionnaires for a third party or engagement
  • Review responses to external questionnaires
  • Reopen an assessment
  • Create an issue
  • Manage issues
  • Create a task
  • Manage a task
  • Export responses to a spreadsheet
  • Monitor third-party risk
  • Overview of a third party
  • Viewing summarized third party risk information
  • Viewing general third party information
  • Viewing third-party subsidiary risk information
  • Viewing fourth-party information
  • Viewing risk intelligence scores
  • Overview of an engagement
  • Viewing summarized engagement risk information
  • Viewing third-party risk reports
  • TPRM Home page
  • TPRM Due diligence management reports
  • TPRM Risk activity page
  • TPRM Dashboards page
  • TPRM Risk concentration map
  • TPRM Task page
  • TPRM Unified content management page
  • TPRM List page
  • Monitor data using dashboards
  • Create a TPRM dashboard
  • Edit TPRM dashboard details
  • Edit TPRM dashboards
  • Edit TPRM dashboard elements
  • Share a TPRM dashboard
  • Delete a TPRM dashboard
  • Monitoring the due diligence request process
  • Monitoring your fourth-nth parties
  • Register a fourth-nth party
  • Create a fourth-nth party record
  • Promote a fourth-nth party to a third party
  • Monitoring third-party elements
  • Create a third-party element record
  • Add a third-party element record to an engagement
  • Tracking a managed activity
  • Approve or reject due diligence requests
  • Set up the approval levels for DD requests
  • Set up the approval rules for DD requests
  • Manage the contract process
  • Accessing DD requests in the contract risk process
  • Now Assist
  • Exploring
  • Issue summarization skill
  • Issue recommendation skill
  • Supporting information
  • Configure
  • Activate issue summarization skill
  • Activate issue recommendation skill
  • Use generative AI skills
  • Generate a summary of a TPRM issue
  • Generate TPRM issue recommendations
  • Act on the recommendations for issues
  • DMS system
  • Create a document
  • Create new document form
  • Create a document version
  • Define document sharing permissions
  • Link documents to a TPRM record
  • Use digital resilience third-party registers
  • Create a legal entity and enhance digital resilience data
  • Create New Company form
  • Create New Legal entity form
  • Create a branch and enhance digital resilience data
  • Create New Branch form
  • Create a function and enhance digital resilience data
  • Create New Function form
  • Create a third party and enhance digital resilience data
  • Create New Company form
  • Create New ICT third-party service provider form
  • Create an engagement and enhance digital resilience data
  • Create New Third-party engagement form
  • Add Digital resilience information to engagements
  • Create a contract and enhance digital resilience data
  • Create New Contract form
  • Create New Contractual arrangement form
  • Create a supply chain and enhance digital resilience data
  • Create an assessment and enhance digital resilience data
  • Create a Microsoft Excel download request
  • Create New Excel download/upload request form
  • Create records in bulk
  • Update existing records in bulk
  • Register of information regulatory packages
  • Generate a RoI package
  • Validation framework for RoI
  • Validate Register of Information packages
  • Currency conversion and third-party total expense aggregation
  • Convert and aggregate contractual expenses to regulator-required currencies
  • Manage the third-party portal
  • Set up third-party contacts
  • Manage the access for your third-party contacts
  • E-signatures on questionnaires or document requests
  • Upload and manage documents in the portal
  • TPRM and the Explicit Roles plugin
  • Using a Microsoft Excel spreadsheet template for external questionnaires
  • Respond using a Microsoft Excel template
  • Using the SIG questionnaire for a risk assessment
  • Respond using the SIG
  • Use risk intelligence reports and scores
  • Request a RI report
  • Request a RI report associated with a DD request
  • Track sanctions-related information
  • Reference
  • Terminology
  • Roles in TPRM
  • Unique ID numbers for TPRM records
  • Results of migrating a template to a TPRM SAE template
  • Guidelines for importing spreadsheet data
  • Sample questionnaires
  • Due diligence request process management
  • Request third-party risk due diligence request form
  • IRQ process management
  • Create new internal assessment form
  • Third-party (external) risk assessment management
  • Life cycle states of a external assessment
  • Assessment metric type form
  • Create new external assessment template form
  • Create New TPRM SAE questionnaire template form
  • Third-party risk assessment form
  • Third-party element form
  • Approval process management
  • Approval rule form
  • Risk intelligence report requests management
  • Risk intelligence report request form
  • Scoring calculations using the classic assessment engine
  • Verifying scoring calculations using the classic assessment engine
  • Third-party risk management data model
  • Domain separation and Third-party Risk Management
  • Vendor Risk Overview reports — Legacy view
  • Common GRC features
  • Now Assist
  • Explore
  • AI-driven regulatory alert summarization skill
  • AI-generated recommendations for a regulatory alert skill
  • Control Objective Impact Analyzer skill
  • Control Objective Change Agent
  • issue-summarization-skill
  • Get regulatory analysis workflow
  • Generate regulatory action plan workflow
  • Supporting information
  • Suggest potential risks workflow
  • Report a GRC issue AI agent
  • Case summarization for compliance cases
  • Configure
  • Activate skills
  • Activate the rationalization skill for control objective
  • Activate common control objective creation skill
  • Activate Control Objective Impact Analyzer
  • Activate the Control Objective Change Agent
  • Activate regulatory alert summarization skill
  • Choose input data form
  • Activate regulatory alert recommendation skills
  • Customize a skill
  • Customize Issue summarization skill
  • Activate agentic workflows
  • Activate the get regulatory analysis agentic workflow
  • Activate the generate regulatory action plan agentic workflow
  • Activate the Report a GRC issue AI agent
  • Post activation indexing and customization
  • Activate GRC case summarization
  • Case summarization configuration fields
  • Use agentic AI
  • Agentic workflows in Risk & Sustainability
  • Optimize issue resolution
  • Get regulatory analysis
  • Generate regulatory action plans
  • Suggest potential risks for an entity
  • AI agents in Now Assist for IRM
  • Use Control Objective Change Agent to update control objectives
  • Report a GRC issue
  • Use generative AI skills
  • Summarize an issue
  • Generate a regulatory alert summary
  • Generate recommendations for regulatory alert impacted areas
  • Act on the recommendations for citations
  • Act on recommendations for control objectives
  • Act on recommendations for controls
  • Act on recommendations for policies
  • Add impacted areas manually to a regulatory alert
  • Generate a risk event summary in the classic UI
  • Generate a risk event summary in the Risk Workspace
  • Generate a risk assessment summary
  • Generate recommendation for similar control objective
  • Act on the recommendations
  • Review actions taken on rationalization process
  • Use Control Objective Impact Analyzer skill to identify control objectives
  • Summarize a compliance case
  • Assignment Configurator for non-regulatory alerts
  • Configure assignments
  • Regulatory Agency Library
  • Download and activate plugin
  • Add a regulatory agency
  • Create New Agency form
  • Add a regulatory contact to an agency
  • Create New Regulatory Contact form
  • Add a jurisdiction to an agency
  • Add an authority document to an agency
  • Compose and send an email
  • Recommendation contexts and templates
  • User roles
  • Extension points
  • Create a recommendation context
  • Recommendation context form
  • Create a recommendation template
  • Mobile experience for GRC
  • GRC notification redirection
  • Configure
  • Modify email notifications
  • GRC application nomenclature
  • GRC content packs
  • SOX content pack
  • Install
  • Verify in Policy and Compliance Management
  • Verify in Risk Management
  • Verify in Audit Management
  • Dashboard and reports
  • GRC integrations
  • Integration with Thomson Reuters Regulatory Intelligence (TRRI)
  • Install application
  • Establish an SFTP or REST API connection
  • Modules in Thomson Reuters Regulatory Intelligence (TRRI)
  • GRC: integrations with third-party content
  • User roles for the integration process
  • Create a user
  • Standardized Information Gathering (SIG) Questionnaire Integration
  • Install
  • Verify in Third-party Risk Management
  • GRC use case accelerators
  • Cyber Risk Institute accelerator
  • Cybersecurity Controls Accelerator
  • Financial Services Control accelerator
  • NIST CSF Use Case Accelerator
  • Install
  • Verify
  • Supporting concepts
  • Tables
  • Dashboards and reports
  • Process overview
  • Identify the core framework
  • Review the framework core
  • Align and prioritize cybersecurity activities
  • Generate a target for an entity
  • Set up target for NIST CSF framework
  • Orient target
  • Create activity
  • Perform gap analysis
  • Review action plan
  • NIST RMF Use Case Accelerator
  • Install
  • Verify
  • Supporting concepts
  • Dashboards and reports
  • Process overview
  • Categorize targets
  • Generate target from profile or entity type
  • Set up a target for use with NIST RMF
  • Perform preliminary risk assessment and impact analysis
  • Monitor the NIST RMF Categorize Overview
  • Select baseline control definitions
  • Review baseline controls
  • Tailor baseline controls
  • Implement security controls
  • Manage and implement controls
  • Manage and implement control tests
  • Assess controls, risks, issues, and remediation tasks
  • Review and perform control attestations
  • Review and evaluate control effectiveness
  • Manage and address risks
  • Review and perform risk assessments
  • Manage and address issues
  • Manage and address remediation tasks
  • Monitor the NIST RMF Assess dashboard
  • Authorize targets
  • Authorize targets
  • Monitor the NIST RMF Authorize dashboard
  • Monitor security controls
  • Review and manage indicators
  • Monitor the RMF Monitor dashboard
  • Technology Controls Monitoring Accelerator
  • Download
  • Ensure all appropriate indicator templates are activated
  • View your operational status
  • View the Cybersecurity Controls module
  • Use indicator templates
  • Indicator templates for controls
  • 360° Relationship Visualization
  • Download and activate
  • Set up
  • Explore
  • Tag records with functional domain
  • Functional domain bulk update
  • Bulk update functional domain for multiple records
  • Use the item generation process
  • Components installed
  • Operational changes of common controls
  • Use Approver Configurator for setting up approvals for setting up approvals
  • Set up an approval configuration record
  • Approval Configuration New Record
  • Assignment Configuration New Record
  • Assign an approval level
  • Approval Level New Record form
  • Set up an approval rule
  • Approval Rule form
  • Approval Rule New Record form
  • Base system tables configured with GRC: Approver Configurator
  • Roles installed with GRC: Approver Configurator
  • Confidential records
  • Create
  • Configure confidentiality in GRC tables
  • Confidentiality configuration form
  • Configure confidential inheritance
  • Create confidentiality inheritance
  • Confidentiality Inheritance Configuration form
  • User hierarchy
  • Create a user hierarchy configuration record
  • User group-based access on the GRC tables
  • Content references in GRC
  • Entity Based Access
  • Sample use case scenarios
  • User roles
  • Entity based record access update utility
  • Entity-based record access rules
  • Deactivate entity-based access configuration
  • Configure Entity Based Access
  • Install
  • Set up properties
  • Manage Entity Based Access
  • Configure access to an entity's related records
  • Entity configurations form
  • Configure an entity class for a linked object
  • Entity Class Configurations form
  • Configure an entity type for a linked object
  • Entity Type Configurations form
  • Set access restrictions using an entity based record access update utility
  • Configure entity-based record access rules
  • Deactivate
  • Reference
  • Entity based record access update utility configuration states
  • Entity-based access applicable record types
  • Manage issues
  • Issues in the Workspace
  • Configure an issue relationship
  • Steps to configure an issue relationship
  • Issue Relationship Configuration form
  • Group issues
  • Domain separation in GRC
  • Create a domain
  • Breadcrumb navigation
  • Taxonomy management in GRC
  • Landing Page Configurations module
  • Tasks Page Configuration module
  • Update the Tasks Page Configuration record
  • Issue Page Configuration module
  • Create a record
  • Link a record to a workspace
  • Update a record
  • My tasks in the workspace
  • Monitor my tasks
  • Explore entities
  • Entities
  • Composite entity
  • Create a composite entity
  • Create new composite entity form
  • Entities in workspace view
  • Create
  • Functionality enhancements
  • Entity scoping
  • Generate risks and controls from entity types
  • Create independent entities
  • Relate entities
  • Entity classes
  • Create
  • Update
  • Scheduled jobs
  • Entity class rules
  • Create
  • Create an entity class rule filter
  • Entity class rule filter fields
  • Entity types
  • Create
  • Entity filters
  • Create
  • Create an entity filter in the Core UI
  • Entity tiers
  • Create
  • View and update exceptions
  • Cybersecurity Executive dashboard
  • Advanced Application Risk dashboard
  • Licensing summary dashboard
  • Role hierarchy of a user
  • Microsoft Word based audit report templates using Document designer
  • Explore audit report templates
  • Configure document templates using Document Designer
  • Configure templates
  • Create data relationships
  • Create content configurations
  • Configure Data columns
  • Configure Intermediate filters
  • Define the scripted variables
  • Create an audit report template
  • Install the add-in
  • Reference information
  • Workspace page
  • Configure
  • Workspace page configuration form
  • Revert templates to an older version
  • Record type icons configured for forms in GRC Common Workspace Elements
  • GRC reference
  • Components installed
  • Common roles
  • Tables installed
  • GRC properties
  • Anonymous Reporting Center
  • Submit an anonymous case
  • Follow up on an anonymous report

Download Advanced Risk

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • Before you run Advanced Risk in your instance, you must download it from the ServiceNow Store.

    Before you begin

    Role required: admin

    About this task

    GRC Risk Advanced provides access to the following features:
    • Manage risk events
    • Risk hierarchy and scoring

    Procedure

    Follow the instructions for Download a GRC application from the ServiceNow Store for the first time.
    Back to home page