Register other applications to request policy exceptions

  • Release version: Australia
  • Updated March 12, 2026
  • 3 minutes to read

    • Enable other applications to request policy exception from any table such as Problem or Incident and so on. The applications must be added and configured in the Integration Registry.

    Before you begin

    Role required: sn_compliance.manager

    The GRC business user (sn_grc.business_user) or business user – lite (sn_grc.business_user_lite) is the minimum required role to raise a policy exception from an upstream application.

    About this task

    Starting with the New York release, users from any ServiceNow application can request for policy exceptions using (GRC)’s policy exception management capability. For example, users can request policy exception for a problem related to a group of incidents that cannot be resolved for a specific duration. To be able to request policy exception, you must register the application for policy exception and create a UI action for requesting policy exception, unless one is provided with the ServiceNow application.

    Procedure

    1. Navigate to All > Policy and Compliance > Policy Exceptions > Integration Registry.
    2. Click New.
    3. On the form, fill in the fields.
      Table 1. Policy Exception Integration Registry form
      Field Description
      Name Enter a name of the registry entry.
      Policy exception target table Select the table on which a policy exception will be applied.
      Exception applied on Target record on which the exception is applied. The options are:
      • One target record: Specific target record on which the exception is applied. Select the assessed object in the Compliance data source registry.
      • All target records: All target records on which the exception is applied. Select the policy exception target table on which the exception is applied.
      Source type Auto-populates Controls if the Exception applied on is One target record. Auto-populates Control objective if the Exception applied on is All target records.
      Policy categories Select one or more categories for filtering policies. For example, if you select the Vulnerability Response category, and are requesting an exception using that application, the list of all policies is filtered by that category, saving you time. For more information, see Define policy categories.
      Entity Mapping
      Relationship Select Reference field when the entity is a field in the Policy Exception [sn_compliance_policy_exception] table.

      Select Related list when the entity is in a related list of the Policy Exception table.
      Entity field Enter the name of the field that points to the Entity [sn_grc_profile] table.

      This field displays only if you selected Reference field as the Relationship.
      Mapping table Select the table that establishes a relationship between the Policy Exception table and the Entity table.

      This field displays only if you selected Related list as the Relationship.
      Policy exception target field Select the field in the mapping table that points to the Policy Exception table.

      This field displays only if you selected Related list as the Relationship.
      Entity field Enter the name of the field in the mapping table that points to the Entity table.
      Request Source
      Note:
      The fields in this section are needed only if you are requesting a policy exception from a table other than the Policy Exception Target table.
      Table Select the table that contains the records from which the policy exception will be requested.
      Relationship Select Reference field when the entity is a field in the Policy Exception [sn_compliance_policy_exception] table. Select Related list when the entity is in a related list of the Policy Exception table
      Request source field Select the field that points to the request source table.

      This field displays only if you selected Reference field as the Relationship field in the Request Source section.
      Mapping table Select the table that establishes a relationship between the Policy Exception table and the Entity table.

      This field displays only if you selected Related list in the Relationship field in the Request Source section.
      Policy exception target field Select the field in the mapping table that points to the Policy Exception table.

      This field displays only if you selected Related list in the Relationship field in the Request Source section.
      Request source field Select the field in the mapping table that points to the request source table.

      This field displays only if you selected Related list in the Relationship field in the Request Source section.
      Questionnaire Details
      Exception questionnaire Select a questionnaire template to generate a questionnaire for the requested policy exception. For more information, see Create an exception questionnaire.
    4. Save the record.

      The Reason Choices related list appears.

      Note:
      The Reason Choices are available to the person who requests a policy exception to explain the purpose of the request. So define reasons that apply to your specific situation. For more information, see Define policy exception reason choices.