Assessment templates reference
Summarize
Summary of Assessment templates reference
Assessment templates are delivered with the AI Risk and Compliance application to facilitate structured evaluations of AI systems and models. These templates are initially provided in a Draft state and must be published by users with theAI Risk and Compliance Adminrole via the Assessment Workspace before they can be used. AI case assessment templates, which support evaluation of AI-related cases, are included in the AI Case Management application and published separately within the same workspace.
Show less
ServiceNow provides these templates to help customers address regulatory requirements and governance needs related to AI systems. While ServiceNow supports updates aligned with regulatory changes, customers retain responsibility for their own compliance.
Key Features
- AI impact assessment: Evaluates potential impacts of AI systems on individuals, society, and organizations focusing on privacy, fairness, and fundamental rights. Uses a questionnaire approach with configurable mappings to risks and controls.
- AI impact assessment for EU AI Act conformity: Assesses whether an AI system falls under the EU AI Act and determines if further governance activities are needed.
- EU AI Act Conformity Assessment: Comprehensive review of high-risk AI systems against EU AI Act requirements including risk management, transparency, and human oversight.
- Fundamental Rights Impact Assessment (FRIA): Examines potential effects on fundamental rights for high-risk AI systems prior to deployment.
- High-risk AI assessment questionnaire: Gathers detailed information on potentially high-risk AI systems to inform governance and monitoring controls.
- AI Impact Assessment on AI asset inventory: Provides risk evaluation at the AI model level, useful for shared or distinct models requiring separate governance.
- AI case assessment questionnaire: Standardizes the evaluation of AI-related cases to support prioritization and root cause analysis during investigations.
Practical Use and Roles
Each template targets specific phases in AI governance such as assessment after use case submission, regulatory conformity checks, or case investigation. The roles authorized to publish and use these templates include AI asset owners, AI risk and compliance business users, analysts, managers, and case analysts. This ensures that relevant stakeholders can perform assessments aligned with their responsibilities.
Key Outcomes
- Streamlined and consistent evaluation of AI system risks, compliance, and impacts.
- Support for regulatory compliance efforts, particularly regarding the EU AI Act.
- Clear guidance on governance controls and monitoring requirements based on assessment results.
- Improved case management through standardized AI case questionnaires.
- Enables organizations to document, mitigate, and manage AI-related risks effectively before deployment and throughout the AI lifecycle.
Reference table listing the assessment templates installed with AI Risk and Compliance. Templates are delivered in Draft state and must be published before use.
Assessment templates
The following table lists assessment templates installed with AI Risk and Compliance. Templates are delivered in Draft state. A user with the AI Risk and Compliance Admin [sn_grc_ai_gov.ai_risk_and_compliance_admin] role publishes draft templates through
the Assessment Workspace. For instructions, see Assessment templates. AI case assessment templates are delivered as part of the AI Case Management application (sn_ai_case_mgmt) and are not included in AI Risk and Compliance base assessment templates. They are published through the same Assessment Workspace in a separate category.
| Name | Description | Applies to | Default state | When to use |
|---|---|---|---|---|
| AI impact assessment | Evaluates the potential impact of an AI system on individuals, society, and the organization. Identifies risks related to privacy, non-discrimination, fairness, and other fundamental rights using a questionnaire-based approach. Responses can be configured to map to risk statements and control objectives through Post Assessment Actions. Automation rules that drive this mapping must be configured by your organization; no pre-configured mapping rules are included. Role required: AI asset owner or AI risk and compliance business user [sn_grc_ai_gov.ai_risk_and_compliance_business_user]. | AI systems | Draft | After AI use case submission, during the Assess phase. |
| AI impact assessment for EU AI Act conformity assessment | Evaluates whether an AI system may be subject to the EU Artificial Intelligence Act (AI Act). Focuses on risk classification, fundamental rights, safety, and transparency requirements. Assessment results determine whether additional governance activities are required, such as a full EU AI Act Conformity Assessment or a Fundamental Rights Impact Assessment (FRIA). Role required: AI asset owner or AI risk and compliance business user [sn_grc_ai_gov.ai_risk_and_compliance_business_user]. | AI systems | Draft | When an AI system may be subject to the EU AI Act, especially when high-risk classification is possible. |
| EU AI Act Conformity Assessment | Provides a comprehensive evaluation of whether a high-risk AI system meets applicable EU AI Act requirements, including risk management, data governance, technical documentation, transparency, human oversight, accuracy, and robustness. Role required: AI risk and compliance analyst [sn_grc_ai_gov.ai_risk_and_compliance_analyst] or AI risk and compliance manager [sn_grc_ai_gov.ai_risk_and_compliance_manager]. | AI systems | Draft | After initial EU AI Act assessment classifies the system as high risk, and before pre-deployment review. |
| Fundamental Rights Impact Assessment (FRIA) | Evaluates how a high-risk AI system may affect fundamental rights such as privacy, non-discrimination, freedom of expression, access to justice, and human dignity. Complete the FRIA before deployment to document and mitigate potential adverse effects. Role required: AI risk and compliance analyst [sn_grc_ai_gov.ai_risk_and_compliance_analyst] or AI risk and compliance business user [sn_grc_ai_gov.ai_risk_and_compliance_business_user]. | AI systems | Draft | After conformity assessment identifies potential fundamental rights implications and before deployment. |
| High-risk AI assessment questionnaire | Captures detailed information for AI systems flagged as potentially high risk, including design, data handling, decision-making, and potential harms. Results determine which governance controls, monitoring requirements, and review processes apply throughout the AI system's life cycle. Role required: AI asset owner or AI risk and compliance business user [sn_grc_ai_gov.ai_risk_and_compliance_business_user]. | AI systems | Draft | When an AI system is flagged as potentially high risk during intake screening or impact assessment. |
| AI Impact Assessment on AI asset inventory | Evaluates risks associated with a specific AI model independent of its parent AI system. Supports model-level governance when a model is shared across systems or has a distinct risk profile. Role required: AI asset owner or AI risk and compliance analyst [sn_grc_ai_gov.ai_risk_and_compliance_analyst]. | AI models | Draft | When a model requires independent governance evaluation (for example, a shared model or one with distinct risk factors). |
| AI case assessment questionnaire | Provides a standardized evaluation framework for AI cases reported through the AI Risk and Compliance Workspace, Employee Center, or email. Supports consistent evaluation, case prioritization, and root cause analysis. Delivered with AI Case Management (sn_ai_case_mgmt). Role required: AI case analyst
[sn_ai_case_mgmt.ai_case_analyst] or AI risk and compliance analyst [sn_grc_ai_gov.ai_risk_and_compliance_analyst]. |
AI cases | Draft | During the investigation phase, after the case is triaged and assigned to an analyst. |