Common Governance, Risk, and Compliance feature release notes

  • Release version: Xanadu
  • Updated August 1, 2024
  • 4 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Common Governance, Risk, and Compliance feature release notes

    The ServiceNow Governance, Risk, and Compliance (GRC) application helps organizations maintain business continuity during adverse events by managing risks, compliance, and governance activities. The Xanadu release introduces enhancements that improve issue grouping, licensing oversight, user roles, and integration with Microsoft 365, among other capabilities.

    Show full answer Show less

    Key Features

    • Issue Grouping Management: Organize related issues by designating a standalone issue as a parent and managing child issues either collectively (inheriting state, response, explanation) or individually. New fields clarify issue roles and management methods.
    • Confidentiality and Inheritance Enhancements: Controls to ensure child issues maintain confidentiality status consistent with their parent, with specific behaviors when changing confidentiality settings to preserve sensitive data integrity.
    • GRC Licensing Overview Dashboard: Provides a self-service view of license consumption trends across product families such as Integrated Risk Management and Privacy Management. It includes expanded data retention and archiving for five years to support license tracking.
    • GRC Employee Role: Available through the GRC Employee User application, this role allows employees to acknowledge policies, report risks, request policy exceptions, and interact with the Compliance team directly via the Employee Center.
    • Lite Operator Role Enhancements: New audit-related roles (reader and approver) added as Lite Operator roles, with reclassification of certain roles when specific GRC applications are installed, enhancing access control and role management.
    • Entity Filter Modification Warnings: Safeguards to prevent unintended impacts by providing warnings and impact analyses before deleting or modifying entity filters related to risk and control records.
    • Document Designer Integration: Enables updating and adding content using Microsoft 365 within ServiceNow Reporting, allowing seamless insertion of data and reports into Microsoft Word documents.
    • Role Attribution to Licensing Mapping: A dashboard tab that clarifies how license consumption maps to roles and users, helping administrators understand licensing implications for different user-role combinations.
    • Stakeholder Management in Entities: Allows defining stakeholders with customizable roles on entity forms to effectively involve teams in risk assessments and projects by adding personas, groups, and users.

    Activation and Availability

    The GRC application and new features are available by requesting installation through the ServiceNow Store. Certain features, such as the GRC Employee role and related applications, require entitlement and installation to access their capabilities.

    The ServiceNow® Governance, Risk, and Compliance (GRC) application enables an organization to continue to provide its business services during adverse operational events, such as a pandemic, extreme weather, or hacking. Governance, Risk, and Compliance was enhanced and updated in the Xanadu release.

    GRC highlights for the Xanadu release

    • Group issues within your workspaces to organize and manage related issues, and streamline the issue grouping process with the confidentiality and inheritance enhancements.
    • Select an existing standalone issue to serve as the parent for other related issues during issue grouping.
    • Track license consumption across different product families using the GRC Licensing Overview dashboard.
    • Use the new GRC Employee role to report or request GRC workflows, and read and acknowledge policies from the Employee Center (Only applicable to customers who are entitled to and have installed the GRC Employee User application).
    • Read and approve audits, and read audit related tables with the enhanced Lite Operator changes.
    • Update and add content using Microsoft 365 for ServiceNow Reporting now integrated with the Document designer application.

    See Governance, Risk, and Compliance for more information.

    Important:
    GRC is available in the ServiceNow Store. For details, see the "Activation information" section of these release notes.

    New in the Xanadu release

    Management method in issue grouping
    Group and manage issues from a parent issue, or manage child issues independently using the group issue management method. When you select the Management method as Manage parent, the child issues inherit the values of the State, Response, and Explanation fields from the parent issue. When Manage child is selected, the child issue maintains its own State, Response, and Explanation fields individually.
    As a part of this feature, the following two new fields were added on the issue record in the Issue grouping section:
    • Group level: Identifies whether an issue is a child, parent, or a standalone issue.
    • Management method: Indicates whether the issue is managed from a parent issue or as an individual child issue.
    Confidentiality and inheritance enhancements in issue grouping
    Streamline the issue grouping process with the following enhancements:
    • Add confidential child issues only under a confidential parent issue.
    • Add nonconfidential child issues under a confidential or nonconfidential parent issue.
    • Change a confidential parent issue to nonconfidential. This action will remove all confidential child issues under the parent issue, making them standalone issues after you save the record.
      Note:
      When you change a nonconfidential child issue to confidential, which is under a nonconfidential parent issue, this action removes the child issue from the nonconfidential parent issue. The child issue becomes a standalone issue and no longer linked to the parent issue.
    GRC Licensing Overview dashboard
    Use the self-service GRC Licensing Overview dashboard to track license usage trends and next month's projected usage based on role allocation. You can see the monthly aggregated counts of license consumption across different product families including Integrated Risk Management, Business Continuity Management, and Privacy Management. The following infrastructure enhancements were made:
    • Expanded the unique user usage table capacity from 9 months to 12 months.
    • License consumption details are archived for five years.
    • Aggregated monthly counts of license usage are stored.
    Introducing GRC Employee role
    Install the new GRC Employee User application and assign the GRC Employee role to your employees. The users with the GRC Employee role can perform the following activities from the Employee Center:
    • Read and acknowledge organizational policies.
    • Report risk events and issues.
    • Request policy exceptions.
    • Report a compliance case to the Compliance team.
    • Raise inquiries and requests to the Compliance team.
    Note:
    This update is only applicable to customers who are entitled to and have installed the GRC Employee User application. For more details, review the entitlement on the subscription dashboard or contact ServiceNow.
    Lite operator role enhancements
    The sn_audit.reader and sn_audit.approver roles were added as Lite Operator roles. These new roles are available to all customers.
    The following Operator roles are reclassified as Lite Operator roles when GRC Employee User application and GRC Business User Lite applications are installed:
    • sn_grc.business_user
    • sn_risk_advanced.ara_assessor
    • sn_irm_cont_auth.authorization_official
    • sn_irm_cont_auth.reader
    • sn_irm_cont_auth.executive_read
    Note:
    This reclassification is only applicable to customers who are entitled to and have installed the GRC Employee User application. For more details, review the entitlement on the subscription dashboard or contact ServiceNow.
    Entity filter deletion or modification warning
    Avoid the unintended consequences of deleting or modifying an entity filter with a warning message. This message includes an impact analysis of the affected entity, risk, and control records.
    Document designer integration
    You can update and add content using Microsoft 365 for ServiceNow Reporting now integrated with the Document designer application to insert data and reports into a Microsoft Word document.
    Role attribution to licensing mapping tab
    Use the Role attribution to licensing mapping tab on the GRC Licensing Overview dashboard to understand how licensing applies to roles and users. This tab helps you with the following:
    • Identify the license treatment for all the default GRC roles.
    • Determine the license treatment of a specific user based on their assigned roles.
    • Determine the license treatment for a specific combination of roles.
    Map stakeholders in entity
    Use the Stakeholders related list in the entity form to define stakeholders with customizable roles relevant to single and composite entities. This feature enables effective team involvement in risk assessments and risk assessment projects. You can add persona, group, and users in the stakeholder list.

    Activation information

    Install GRC by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.