Yokohama |
- Measure resilience metrics using the CSDM model
-
Define the entity types and pillars in Operational Resilience and generate the entities. Establish relationships between CSDM objects, including business services, service offerings, business processes, and application services. Specify the type of main node configuration that you want to use by setting the
sn_oper_res.opres_csdm_main_node_config property.
After generating the entities and setting up the main node configurations, you can import CMDB data into Operational Resilience for reporting. CSDM and their dependencies are updated weekly while the red flags data is calculated daily. The outcome is displayed on the Homepage or in the related list of the CSDM objects.
- Specify the primary origin of an operational vulnerability
- Identify the primary origin of an operational vulnerability in its record. Once the primary origin is specified, its upstream dependencies are automatically included in the impacted areas, enabling you to view the
operational vulnerability from all affected perspectives.
- Using Digital resilience incident reporting
-
Assess whether any critical services are affected and classify the reported incident as a major incident if necessary. Notify regulators of major incidents, categorized by their severity and security ratings.
The Digital resilience incident reporting module, accessible from the Operational Resilience Workspace, is integrated with Incident Management and Security Incident Response to generate and share reports in the format that is specified by the regulators.
You can generate an initial report within 24 hours, an intermediate report within 72 hours, and a final report within 1 month. All of these reports are automatically triggered by the application from the time that the
incident is classified as a major incident.
|
Zurich |
- Use the interactive Node Map visualization
-
Navigate operational dependencies using the interactive Node map visualization. Configure node and edge settings in the Nexus map, then display Main node configurations directly within the Operational Resilience Workspace. The Resilience map action provides access to relationships for Business Services (BS), Application Services (AS), Supporting Offerings (SO), Business Processes (BP), and
Dependencies modules in the map view.
You can configure node dependency directions and enhance visual elements with improved colors and icons for clarity. Additionally, you can gain comprehensive insights from the summary panel and address missing 'red flags'
for a complete picture.
- Generate Word reports of action tasks
- Use the Document designer to set up Microsoft Word templates and download action task reports in Digital resilience incident reporting. This functionality enables you to customize predefined templates or create templates, incorporating specific data like tables and columns from records, to generate
intuitive, audit-ready reports. You can then save these reports within the ServiceNow® instance or as cloud documents in Microsoft SharePoint.
- Report incidents associated with multiple regulations for various legal entities
- Report incidents or security incidents associated with multiple regulations for various legal entities in Digital resilience incident reporting. Its automated workflow generates regulatory reporting assessment of IT incidents, DRI Initial report, DRI Intermediate report, and DRI Final report within regulatory
timelines, each with dedicated action tasks. You can complete these tasks and generate reports in Microsoft Word format required by regulatory authorities for analysis.
- Generate Register of Information (RoI) regulatory packages
-
Generate regulator-ready Register of Information (RoI) regulatory packages using the Plain-CSV Report Package option on the download page in Digital resilience third-party registers. The resulting ZIP file, structured to regulator specifications, includes metadata and report folders with file names containing LEI, entity ID, and release
version.
This format helps you to verify EU
DORA compliance and supports automated validation workflows. For suggested steps and permissions, refer to the user guide on the Download and Upload request page.
- Validate downloaded Register of Information regulatory packages
-
Validate downloaded Register of Information (RoI) regulatory packages against requirements using the Plain-CSV Report Package option on the Digital resilience third-party registers download page. This process verifies file format, structure, encoding, naming conventions, and field-level data across multiple tables.
If validation warnings are detected, an automated report is attached, mapping issues to regulator fields like Template Code, Row Code, and Column Code. These reports include real-world field labels, rule expressions, and
record identifiers. You can easily cross-reference validation errors using a downloadable Excel template that mirrors the CSV structure, simplifying issue location and resolution. Further enhancements include support for
'Not applicable' values, enforced file size limits, and clearer error messages for malformed data.
- Improve resilience metrics with the enhanced CSDM model
-
Leverage the enhanced fix scripts in the Common Service Data Model (CSDM) to enhance your Operational Resilience metrics. Each node in the hierarchy is now stored separately, with its class and parent nodes, to help you manage your data more efficiently.
The Update CSDM and other dependencies scheduled job script has been optimized to process the main node configurations in parallel, triggering a separate event for each node. Any node can be at the top
level. Additionally, you can store impacted objects, including all parents, in a single table, so that you can efficiently retrieve children nodes and improve your data retrieval.
Configure the sn_oper_res.top_class_name property to designate any class as the top class. You can view the downstream data and various dashboards based on the selected top class, such as the number of
application services that are under a business service.
- Analyze importance and impact tolerance of a service using Smart Assessment
- Analyze a service's importance and impact tolerance through flexible assessments by using one or multiple Smart Assessment templates. Role-based access controls and auto-assigned tasks help you to streamline the process. You can reopen and complete assessments as needed and send email notifications to relevant
users.
- Generate customized and flexible self-attestation reports using Smart Assessment
- Generate customized and flexible self-attestation reports by using Smart Assessment. Start with the default template, add relevant scopes and users, and generate a PDF report on completion of the self-attestation process. By creating custom templates with various data types,
you make the self-attestation process more efficient.
- Leverage enhanced DORA capabilities for contracts, supply chains, and assessments
- Use the enhanced Digital Operational Resilience Act (DORA) data model in Operational Resilience. You can configure contracts based on their supply chains and assessments, upload the contract records, and generate a detailed report in Microsoft Excel that provides information on the entities, third parties, and specific contract details.
- Track third-party risk assessments
- Track third-party risk assessments as red flags in Operational Resilience reports and overview pages for business services, service offerings, and business processes. Operational Resilience users, managers, and administrators can review these assessments in Operational Resilience Workspace. The sn_vdr_risk_asmt.vendor_assessment_reviewer role is now included in the sn_oper_res.user role, so that you can grant the necessary access to the assessments.
|