DPR and GRC integration for release compliance

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of DPR and GRC Integration for Release Compliance

    The integration between Digital Product Release (DPR) and ServiceNow® GRC: Policy and Compliance Management streamlines release management by aligning it with enterprise risk and compliance controls. This integration, starting from DPR version 2.3, enhances the safety and reliability of software releases through automated compliance validation, which accelerates the release process and reduces manual efforts.

    Show full answer Show less

    Key Features

    • Mapping of Control Objectives and PaCE policies for DPR.
    • Automation of compliance checks and risk assessments within the release workflow.
    • Management of exceptions and deviations from policy while ensuring governance and audits.
    • Real-time visibility into compliance status, risks, and policy adherence for each release.

    Ensure that you have GRC: Policy and Compliance Management version 21.1.3 or above installed to utilize this integration.

    Key Outcomes

    • Improved release safety and speed through a compliance-driven, risk-aware approach.
    • Controlled handling of policy exceptions with clear justification processes.
    • Enhanced visibility into compliance status, aiding in informed decision-making during releases.

    Users require both the sndprmodel.releaseuser and sncompliancews.corporatecompliancemanager roles to access relevant tabs in Control Objective and Control records.

    The integration between Digital Product Release (DPR) and ServiceNow® GRC: Policy and Compliance Management connects your release management processes with the enterprise risk and compliance controls. This integration helps you deliver faster, safer, and reliable releases.

    Starting with Digital Product Release version 2.3, the DPR integration with GRC: Policy and Compliance Management unifies release management with the organization's risk and compliance operations. This compliance-driven, risk-aware approach automates compliance validation, helping you deliver releases faster and more safely while reducing manual effort.

    It enables organizations to:
    • Map Control Objectives and PaCE policies enabled for DPR.
    • Automate compliance checks and risk assessments as part of the release workflow.
    • Manage exceptions and justified deviations from policy in a controlled manner, while maintaining governance and audits.
    • Provide real-time visibility into compliance status, risks, and policy adherence for every release.
      Note:
      Make sure you have the GRC: Policy and Compliance Management (sn_compliance) version 21.1.3 or above installed.

    Digital Product Release and GRC: Policy and Compliance Management integration workflow

    The following table shows a simplified, end-to-end workflow for policy compliance validations and exceptions when integrating DPR and GRC.

    Note:
    Users must have both sn_dpr_model.release_user and sn_compliance_ws.corporate_compliance_manager roles to access the PaCE policies tab in Control Objective records and the PaCE results tab in Control records.
    Table 1. Digital Product Release and GRC: Policy and Compliance Management integration workflow
    In Digital Product Release In GRC: Policy and Compliance Management
    - 1. In the Compliance Workspace, the compliance manager maps a control objective and policies from the PaCE policies tab in the Control Objective record.
    Note:
    Only the policies that have the exception enabled can be mapped to a control objective.
    For more information, see Manage control objectives and policies using the Compliance Workspace.
    2. In the Digital Product Release Workspace, the product manager, release admin, or release coordinator maps policies with a phase of a release. -
    3.a. While executing the release, release admin or product manager runs these mapped policies to validate the phase completeness. -
    - 3.b. One or more Controls are created for a combination of release entity and control objective (CO).

    For more information, see Multiple controls for compliance management.

    The policy execution status is listed in the PaCE results tab in the newly created Control records.
    4. If a policy fails, then the release admin or product manager can request an exception providing a reason and business justification. If a previously requested exception has expired, they can request an extension. -
    - 5. Compliance manager or an authorized user from the Policy and Compliance group reviews and approves the policy exception (or extension) request.

    For more information, see Review the policy exception and extension request using the Compliance Workspace.
    6. On subsequent execution of the policy, the status of the same failed policy updates to Compliant with exception. The aggregated status in the Policy status field on the Details tab also updates to Compliant with exception.

    The phase is ready for completion.

    		 -