Risk and Compliance Dashboard reports and solutions

Release version: Zurich

Updated July 31, 2025

5 minutes to read

Summarize

Summarized using AI

Summary of Risk and Compliance Dashboard reports and solutions

The Risk and Compliance Dashboard in ServiceNow provides a comprehensive, unified view of compliance and risk data across major Governance, Risk, and Compliance (GRC) applications. It is designed primarily for chief information security officers (CISOs) and compliance managers to understand the organization's overall risk and compliance posture.

Show full answer Show less

The dashboard consolidates data from multiple ServiceNow GRC products, offering real-time insights into compliance, risk, privacy, audit, third-party risk, and business continuity management, provided the respective workspaces are installed.

Access and Roles

Access to specific dashboard reports requires appropriate ServiceNow AI Platform roles, ensuring users see only relevant data:

Compliance reports: sngrcdashboards.grccisouser and snbod.ciso
Risk reports: sngrcdashboards.grccisouser and snbod.ciso
Business Continuity Management: snbcm.viewer and snbod.ciso
Third-party risk: snvdrriskasmt.vendorassessmentreviewer and snbod.ciso
Privacy: snprivacy.analyst and snbod.ciso
Audit: snauditws.auditor and snbod.ciso

Key Indicators and Metrics

Compliance posture: A formula indicator showing overall compliance percentage, supported by automated controls data.
Privacy compliance posture: Processing activity compliance score percentage.
Functional Domain breakdowns: Enables filtering and detailed analysis based on functional areas.

Report Types and Their Uses

The dashboard includes multiple report types with visualizations such as line charts, donut charts, lists, and heatmaps. These reports help ServiceNow customers monitor and analyze different aspects of GRC:

Compliance Overview

Compliance posture: Cybersecurity and IT risk compliance trends over time.
Authority documents and policies: Visualizations showing compliant vs non-compliant documents and policies, including compliance scores, high-priority issues, and exceptions.

Risk Overview

Risk posture: Risk counts by rating, including detailed risk assessment results when Advanced Risk is enabled.
Risk details: Risk appetite, high-priority issues, overdue response tasks, and percentage of Key Risk Indicator breaches.
Third-party risk posture: Overall risk ratings for vendors/third parties including risk criteria, tiers, intelligence ratings, and overdue tasks.

Privacy Overview

Privacy compliance posture: Monthly compliance scores for processing activities.
Overdue high priority issues: Highlights critical privacy-related issues requiring immediate attention.
Privacy risk heatmap: Visualizes privacy risk assessments and aggregated risk scores related to processing activities.

Entity Overview

Shows risk and compliance scores for organizational entities, including high-priority issues and exceptions linked to non-compliant controls.

Audit Overview

Lists open and upcoming audit engagements with details such as engagement leads, timelines, high-priority issues, and fieldwork progress.

Business Continuity and Crisis Management

Reports on ongoing crisis events, asset recovery status, and recovery task statuses, providing a clear picture of business continuity efforts.

Practical Benefits for ServiceNow Customers

Centralized visibility: Consolidates diverse GRC data into a single dashboard for quick executive-level insights.
Role-based access: Ensures users see relevant data based on their responsibilities, enhancing security and focus.
Actionable insights: Identifies overdue issues, high-priority risks, and compliance gaps to prioritize remediation efforts effectively.
Supports decision-making: Provides detailed risk and compliance metrics, enabling informed governance and risk management strategies.

Usage Notes

All reports are available only if the corresponding ServiceNow GRC workspaces and applications are installed and properly configured. Users should verify role assignments to access the intended reports.

The Risk and Compliance dashboard is a unified dashboard that provides a comprehensive analytical data of reports available from the major GRC applications for the chief information security officer to understand the compliance and risk posture of the organization. The dashboard consolidates data from various products within the ServiceNow GRC suite of applications.

Note:

All reports are available only when the corresponding workspaces are installed.

Video showing the reports available in the different tabs of the Risk and compliance dashboard. — Figure 1. Risk and compliance dashboard

Required ServiceNow AI Platform roles

For Compliance related reports: User must have sn_grc_dashboards.grc_ciso_user role and sn_bod.ciso role.
For Risk related reports: User must have sn_grc_dashboards.grc_ciso_user role and sn_bod.ciso role.
For Business Continuity Management related reports: User must have sn_bcm.viewer role and sn_bod.ciso role.
For Third-party risk related reports: User must have sn_vdr_risk_asmt.vendor_assessment_reviewer role and sn_bod.ciso role.
For Privacy related reports: User must have sn_privacy.analyst role and sn_bod.ciso role.
For Audit related reports: User must have sn_audit_ws.auditor role and sn_bod.ciso role.

Access the Risk and Compliance Dashboard

To open the dashboard, navigate to All > Cybersecurity Executive Dashboard > Cybersecurity Executive Dashboard.

Indicators

Compliance posture

Compliance percentage: Formula indicator that depicts compliance posture.
All Controls: Automated indicator that supports the formula indicator.
Compliant Controls: Automated indicator that supports the formula indicator.

Privacy compliance posture

PA indicator: Processing activity compliance score percentage.

Breakdowns

Functional Domain.

Reports

Note:

All reports are available only when the corresponding workspaces are installed.

Table 1. Overview tab
Title	Type	Source table	Description
Compliance posture	Line chart	Control [sn_compliance_control]	Provides cybersecurity and risk, and IT risk and compliance posture based on data analysis to the compliance managers.
Risk posture	Donut chart	The source tables are as follows: Risk [sn_risk_risk] Detailed aggregated risk [sn_risk_advanced_risk_assessment_result] (When the Advanced Risk application is installed and Advanced Risk Assessment is enabled	Provides the risk count based on the risk ratings.
Ongoing crisis events	Single Score	Recovery event [sn_recovery_event] where event type is actual	Displays the total number of ongoing crisis events that are neither approved nor closed.
Assets by recovery status	Donut chart	Assets [sn_recovery_event_asset]	Provides the total number of assets for ongoing crisis events grouped by their recovery status, including assets that have been recovered and those that have not.
Recovery tasks by status	Donut chart	Recovery tasks [sn_recovery_event_task]	Provides the status of recovery tasks in various states for ongoing crisis events.

Table 2. Compliance overview tab
Title	Type	Source table	Description
Authority documents	Donut chart	Authority Document [sn_compliance_authority_document]	Provides data of compliant and non-compliant authority documents in the chart. The list provides details of the authority documents, their individual compliance score in percentage, count of high priority issues and high risk exceptions on the authority documents, and the count of compliant cases.
Policies	Donut chart	Policy [sn_compliance_policy]	Provides the count of compliant and non-compliant policies in the chart. The list provides details of the policies, their individual compliance score in percentage, count of high priority issues and risk exceptions raised on each policy, and the count of compliant cases.

Table 3. Risk overview tab
Title	Type	Source table	Description
Risk posture	Donut chart	The source tables are as follows: Risk [sn_risk_risk] Detailed aggregated risk [sn_risk_advanced_risk_assessment_result] (When the Advanced Risk application is installed and Advanced Risk Assessment is enabled)	Provides the risk count based on the risk ratings.
Risk posture	List	GRC Content Status [sn_grc_content_reports]	Provides the risk rating for each organizational risk to understand the overall risk assessment results. These ratings help organizations understand the potential impact and likelihood of various risks, enabling them to prioritize and manage these risks. The Risk posture card also highlights the following information for each risk: Risk appetite: Risk appetite value defined. High priority issues: The number of issues with priority is defined as High. Overdue risk response tasks: Number of overdue risk response tasks. KRI Breach %: Percentage of Key Risk Indicators (KRIs) that have exceeded their predefined thresholds or limits.
Third-party risk posture	Donut chart	Third-party risks [sn_grc_dashboards_third_party_risk]	Provides the risk rating for each third party. The risk rating is the overall assessment rating that considers the scores and ratings from all assessments conducted for a third party or vendor. The Third-party risk posture card also highlights the following information for each third party or vendor: Risk criteria: Group of risk domains (sometimes called risk areas in other platform features) that applies to a particular type of third party. Risk tier: Value determined based on the responses collected after an inherent risk assessment (IRQ) is completed. Risk intelligence rating: Aggregate of all the scores collected from Risk intelligence providers. Overdue risk response tasks: Number of overdue risk response tasks.

Table 4. Privacy overview tab
Title	Type	Source table	Description
Privacy compliance posture	Line	PA indicator: Processing activity compliance score percentage [pa_indicators]	Provides the compliance posture by month and is plotted by referring to the overall compliance score across all the processing activities.
Overdue high priority issues	Single score	Issues [sn_grc_issue]	Provides a focused overview of all overdue high-priority privacy-related issues, enabling quick identification and resolution of critical tasks to ensure compliance and data protection.
Privacy risk heatmap	Heatmap	Risk assessment methodology [sn_risk_advanced_risk_assessment_methodology]	Provides the privacy risk assessment data in the form of a heatmap. Privacy risk assessments are detailed assessments that are conducted if the criticality score is high. Assess each risk that is associated with the processing activity and know the aggregated risk score on the processing activity. After you assess the privacy risks, you can view the privacy risk posture on the risk heatmap.

Table 5. Entity overview tab
Title	Type	Source table	Description
Entities	List	Entity compliance status [sn_compliance_entities_reports]	Provides the summary of risks directly associated with the entity that contribute to the overall risk rating of the entity. The list also displays the compliance score of entities, and high priority issues and risk exceptions that are raised as a result of the non-compliant controls associated with the entity.

Table 6. Audit overview tab
Title	Type	Source table	Description
Open and upcoming audit engagements	List	Engagement [sn_audit_engagement]	Provides a list of open and upcoming audit engagements. The list also provides details of the engagement lead for each authority document, each engagement's planned start and end dates, high-priority issues, percentage of fieldwork that is completed, and the milestones in progress.

Filters


Name	Type	Description
Risk criteria	Report	Depending on which risk criterias you select, the donut chart and list shows the third parties or vendors that are in those risk areas.