Risk and compliance tab

  • Release version: Zurich
  • Updated March 12, 2026

    The Risk and compliance tab on the privacy management dashboard provides a centralized view of privacy-related risk exposure and regulatory compliance performance.

    The Risk and compliance tab on the privacy management dashboard enables organizations to monitor the risk and compliance postures of the privacy program within the organization. It helps evaluate how effective current privacy controls are in mitigating identified risks and supporting compliance.

    Using this dashboard, teams can track adherence to major regulatory frameworks, including NIST SP 800-53 and the EU GDPR. The dashboard presents data through intuitive visualizations such as heatmaps, compliance scores, and summaries of control objectives that need attention. These visuals provide immediate insights into risk exposure and compliance gaps across the organization. Privacy teams can identify high-risk areas and assign priority to remediation tasks based on real-time data.

    The dashboard also assists in confirming continuous regulatory alignment as requirements evolve or new risks emerge. By consolidating risk and compliance insights into one view, it supports faster decision-making and improved accountability across privacy functions.

    The visualization and data-driven layout support informed decision-making for privacy teams, confirming adherence to industry standards and legal obligations. This dashboard displays the following widgets.

    Risk overview

    This donut chart displays the distribution of processing activities across different aggregated risk levels. By default, the distribution is based on the aggregated residual risk scores. However, you can apply a filter to view the distribution based on aggregated inherent risk classification instead. Each activity is color-coded by its associated risk level.

    The Risk heatmap widget visualizes all identified risks within each processing activity. By default, the residual risk filter is applied, but you can filter by inherent risk level instead. The heatmap is segmented, and the segmentation changes with the selected risk classification filter: activities are placed by their combination of risk and control effectiveness, or of impact and likelihood.

    Compliance overview

    This section summarizes compliance posture across different regulatory frameworks such as NIST SP 800-53 and GDPR. It also provides a consolidated view. You can filter compliance information by specific Authority documents. Filtering the data by Policies shows compliance posture across privacy policies; for example, Employee Data Privacy Policy, Customer Data Privacy Policy, or third-party Privacy Policy. Select the appropriate authority document or policy in the drop-down filter to view the compliance score.

    Use the sn_privacy.highlighted_policy and sn_privacy.highlighted_authority_document properties to configure the top two policies and authority documents that appear on this widget.

    Control objectives needing attention

    This section highlights specific control objectives requiring immediate remediation, along with the number of impacted processing activities. Each control objective is hyperlinked for detailed review.

    Regulatory change management

    The Activity overview widget displays the status of change-related activities triggered by regulatory updates. Each segment is represented using donut charts with status-based color coding.

    The Impact assessment widget shows ongoing Impact Assessments related to Regulatory Assessments. The drop-down menu enables you to change the assessment category.

    Note: These widgets are available only when you have the Regulatory Change Management application installed.

    Figure 1. Risk and compliance dashboard (image: Risk and compliance tab on the privacy management home page)