GRC case summarization skill for privacy cases

  • Release version: Zurich
  • Updated March 12, 2026

    The GRC case summarization skill uses a large language model (LLM) to generate a structured AI summary of a privacy case record. The summary is generated on demand from case data and can be saved to the record for future reference.

    Overview of the GRC case summarization skill

    Privacy cases can involve multiple coordinators, complex activity logs, and breach assessments. The GRC case summarization skill generates a concise AI summary of key case details, so assignees and approvers can quickly understand the context and support efficient decision-making.

    The GRC case summarization skill collects data from predefined fields and related lists across the case record. This data is assembled into a prompt and sent to the configured LLM service provider, which then returns a structured summary.

    To summarize privacy case records, the skill must be activated from the Now Assist Admin console. Once it's activated, case analysts with the appropriate user role can trigger the skill on a privacy case.

    User roles

    The important user roles for activating and using this skill are:
    • sn_nowassist_admin.nsa_admin: Grants an admin access to activate or edit a Now Assist skill.
    • sn_privacy_case.privacy_case_analyst: Grants access to privacy case records.
    • sn_prm_gen_ai.user: Grants access to the Now Assist for Privacy Management skills.
      Note:
      Users with the sn_prm_gen_ai.user role automatically have the sn_grc_sharegenai.grc_case_ai_user role, which is the minimum role required to use the GRC case summarization skill.

    All members of the Assignment group on a case record can view any summary that has been saved to that record.

    LLM service providers

    An administrator must set a default LLM provider before the skill can be used. The following providers are supported:

    • Azure OpenAI
    • AWS Claude
    • Now LLM Service
    • Now LLM Service LTS
    • Google Gemini

    To set a default provider for the GRC case summarization skill, see Manage model providers.

    Components of a privacy case summary

    The summary reflects case data at the time of generation. As the case progresses, you can regenerate the summary to capture the latest information. Once generated, you can review and edit the summary before saving it to the privacy case record. The saved summary appears in the Overview tab and in the Activity stream of the Details tab.

    Table 1. Privacy case summary structure

    Section | What it captures

    Case Overview | Core case details, such as name, description, start date, priority, and assigned analyst, captured from the Details tab.

    Events Timeline | Date of occurrence, date of discovery, investigation start and end dates, and remediation start and end dates, captured from the Schedule section on the Details tab.

    Scope of Impact | Blast Radius Breakdown: Summary of the areas and regulatory frameworks impacted by the privacy case, captured from the Impacted Areas, Related Areas, and Regulations tabs.
      • Impacted areas: Number of areas, such as control, entity, location, company, and users, impacted by the reported privacy case.
      • Related areas: Number of areas, such as policies, citations, control objectives, and risk events, related to the privacy case.
      • Regulations/Standards: Number of regulations that are or can be impacted by the reported privacy case.

    Data Impacted | Types of personal data exposed or compromised during the incident, captured from the [PI] Information Objects tab.

    Evidence & Worknotes | Work notes and comments recorded during the investigation, captured from the Activity section on the Details tab.

    Causes & Consequences | Causes and consequences of the privacy case, captured from the Causes and Consequences tab.
      • Cause (Confirmed): Confirmed cause of the incident.
      • Contributing Cause (Suspected): Suspected cause of the incident.
      • Consequences: Resulting impact or penalties arising from the incident.

    Actions & Outcomes | Summary of actions taken during the investigation, captured from the Action Tasks and Breach assessment tabs.
      • Investigation: Initial investigation tasks to examine the reported incident.
      • Assessment: Breach assessment to evaluate the risk and extent of compromised data.
      • Additional Actions Taken: Supplementary actions to support a resolution.

    Lessons Learned | AI-powered analysis of the case timeline and overall investigation effort.
      • Velocity analysis: Time to detect, investigate, and remediate.
      • Investigation effort level: Effort assessment ranked as low, medium, or high, based on case complexity, activity log, and timelines.