Policy and Compliance Management release notes

  • Release version: Xanadu
  • Updated August 1, 2024
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Policy and Compliance Management release notes

    The ServiceNow® Policy and Compliance Management application centralizes the creation and management of policies, standards, and internal controls mapped to external regulations. The Xanadu release introduces enhancements to streamline policy authoring, collaboration, and compliance assessments, improving operational efficiency and regulatory adherence.

    Show full answer Show less

    Key Features

    • Document Integration and Collaboration: Upload Microsoft Word policy documents directly from local machines to Microsoft OneDrive, Google Drive, or Microsoft SharePoint. This enables multi-user collaboration and access from any device.
    • Policy Authoring with Microsoft SharePoint: Integrate with SharePoint sites to facilitate version control, redlining, and collaborative drafting and reviewing of policies, maintaining policy history and automatic updates.
    • Cyber Risk Institute (CRI) Assessments: Perform tiering assessments and profile entities to determine compliance status and calculate overall assessment scores using CRI questionnaires. Multiple compliance roles can initiate these assessments.
    • Employee Operator Role Enhancements: Employees can now respond to policy acknowledgments and request exceptions via the Employee Center portal.
    • Domain Separation: Policy and Compliance Management records are domain separated based on parent objects or user domains, enhancing data security across organizational units.

    Activation and Compatibility

    • The application is available via the ServiceNow Store and requires installation through a store request.
    • Supports the latest public release and two prior versions of major browsers including Google Chrome, Firefox (and ESR), Microsoft Edge Chromium, and Safari (12.0+).

    Practical Benefits for ServiceNow Customers

    By leveraging these new features, customers can effectively manage policy lifecycle and compliance requirements with enhanced collaboration tools and risk assessments. Integration with popular document management platforms simplifies document control and accessibility. Role enhancements improve employee engagement in compliance processes, while domain separation ensures proper data governance. Overall, the Xanadu release empowers organizations to maintain up-to-date policies aligned with regulatory standards and streamline compliance management workflows.

    The ServiceNow® Policy and Compliance Management application provides a centralized process for creating and managing policies, standards, and internal control procedures that are cross-mapped to external regulations and benchmarks. Policy and Compliance Management was enhanced and updated in the Xanadu release.

    GRC: Policy and Compliance Management highlights for the Xanadu release

    • Revise your policies and update the policy text periodically by integrating with Microsoft SharePoint.
    • Use policy authoring and the redlining feature to enable policy owners and reviewers to collaborate, review, and redline policies.
    • Perform a Cyber Risk Institute (CRI) assessment on a company as an entity to determine its control status and calculate the assessment score.
    • Use the employee operator role introduced in Policy and Compliance Management for operations in Employee Center.

    See Policy and Compliance Management for more information.

    Important:
    Policy and Compliance Management is available in the ServiceNow Store. For details, see the "Activation information" section of these release notes.

    New in the Xanadu release

    Upload policy document from your local machine to Microsoft OneDrive
    Upload a Microsoft Word document that exists in your local machine to Microsoft OneDrive and link the document with the policy. You can access the document from any device and enable multiple users to collaborate on the policy document.
    Create and associate a policy text document in Google Drive
    Integrate your ServiceNow instance with Google documents to manage documents in Google Drive. Create a Word document in Google Drive that you can access through a browser and store in Google Drive. You also have the option to create a Microsoft Word document that you can manage in Google Drive.
    Upload policy document from your local machine to Google Drive
    Upload a Microsoft Word document that exists in your local machine to Google Drive and link the document with the policy to enable multiple users to collaborate on the policy document.
    Upload policy document from your local machine to Microsoft SharePoint
    Upload a Microsoft Word document that exists in your local machine to Microsoft SharePoint and link the document with the policy to enable multiple users to collaborate on the policy document.
    Policy authoring using Microsoft SharePoint
    Monitor and revise your organization's policies at regular intervals to maintain their relevance and compliance. Integrating Microsoft Word document files with multiple Microsoft SharePoint sites helps your policy owners, reviewers, and approvers to author, modify, and maintain different versions of a policy text and thus retain its history. You can also collaborate on policy drafting and review processes. The policy text is updated automatically. You can copy and paste text from a document into the Policy text field in HTML and then convert it to a PDF format.
    Using CRI assessment questions to profile an entity
    Perform a CRI tiering assessment for an entity to determine its tier, and then perform a CRI assessment for that entity. Based on the response to the CRI questionnaire from the assessor, the compliance status of each mapped control to a question is determined. The overall compliance score of the entity is also calculated.
    User role enhancements in Policy and Compliance Management
    Respond to policy acknowledgments and request a policy exception from the Employee Center portal with the employee operator role.

    Changed in this release

    Perform CRI tiering questionnaire to determine the tier value of entity
    In addition to the Entity owner, the Corporate compliance manager [sn_compliance_ws.corporate_compliance_manager], Corporate compliance analyst [sn_compliance_ws.corporate_compliance_analyst], and IT compliance manager [sn_compliance_ws.it_compliance_manager] can trigger CRI tiering questionnaire and initiate CRI profile assessments.
    • UI action button Initiate CRI tiering assessment has been renamed as Initiate CRI tiering questionnaire.
    • UI action button Initiate CRI assessment has been renamed as Initiate CRI profile assessment.
    Domain separation in GRC: Policy and Compliance Management
    Now both manually created records and auto-generated records created through scheduled jobs or scripts are domain separated based on their parent object or user domain for all Policy and Compliance Management objects.

    Activation information

    Install Policy and Compliance Management by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Browser requirements

    GRC: Policy and Compliance Management requires the latest public release and two previous release versions of the following browsers:
    • Google Chrome
    • Firefox and Firefox Extended Support Release (ESR)
    • Microsoft Edge Chromium
    • Safari 12.0 and later versions