Acknowledge a policy

  • Release version: Washingtondc
  • Updated February 1, 2024
  • After a policy has been published, you can create an acknowledgement campaign to define a group of your employees who must provide an acknowledgement that a particular policy is in compliance. When the campaign has been defined, you can submit the request to the audience.

    Set up a policy acknowledgement campaign

    A policy campaign is the record used to prepare for a policy acknowledgement request. It defines the audience who must provide an acknowledgement that a particular policy is in compliance. A policy campaign is requested only if the compliance user decides it is needed.

    Before you begin

    Role required: Compliance User

    Procedure

    1. Navigate to All > Policy and Compliance > Policies and Procedures > Policies.
    2. Open the Policy record, in the Published state, that you want to acknowledge.
    3. Scroll down and click the Acknowledgement Setup related list.
    4. On the form, fill in the fields.
      Field | Description
      Audience | Select the employees who are responsible for acknowledging the policy. You define the audience using the Audience module.
      Reference Material URL | Click the lock icon and add a URL to reference materials for the policy that the audience can review. When you have completed your entry, click the lock icon again.
      Allow users to decline policy | Select if you want members of the audience to be able to decline the policy.
      Allow users to request exception | Select if you want members of the audience to be able to request a policy exception.
    5. Save the record.
    6. Scroll down and click the Acknowledgement Campaigns related list.
    7. Click New.
      Note:
      Notice that the majority of the fields are pre-filled with data from the policy record.
    8. On the form, fill in the fields.
      Note:
      Only field descriptions that were not previously described are provided here.
      Field | Description
      Number | An auto-generated record number for the acknowledgement.
      State | The current state of the acknowledgement campaign. The default state is New.
      Valid from/to | Select the period of time the acknowledgement is valid. The acknowledgement is valid from the beginning of the Valid from date until the end of the Valid to date. Note: The Valid from date cannot be prior to the current date. The Valid to date cannot be beyond the Valid to date defined in the policy.
      Number of days to respond | The number of days by which members of the audience have to respond.
      Short description | A brief description of the policy.
      Acknowledgement Details tab | This tab shows details and requirements from the policy, as well as the Reference Material URL defined during acknowledgement setup.
    9. Click Submit.
      The acknowledgement request is now ready for you to send to the defined audience.

    Create an audience

    When you set up a policy acknowledgement request, you must identify an audience responsible for providing the acknowledgement.

    Before you begin

    Role required: sn_compliance_admin or sn_compliance_manager

    Procedure

    1. Navigate to All > Policy and Compliance > Policy Acknowledgement > Audience.

    2. Click New.
    3. Enter a name and description for the new audience, and save the record.
    4. Additional tabs appear.

    5. Use the three tabs to identify members for this audience.
      Option | Description
      Users | Click Edit and add one or more individual users to the audience.
      Groups | Click Edit and add one or more predefined groups of users to the audience.
      User Filters | Click New to define a new filter for audience member inclusion. Click Edit to modify an existing user filter. You can save filters for future use.
    6. When the audience has been defined, you can add the users, groups, or user filters to an acknowledgement request.

    Submit an acknowledgement request

    After you have created an acknowledgement campaign, you can submit the acknowledgement request to the defined audience.

    Before you begin

    Role required: sn_compliance.user

    Procedure

    1. Navigate to All > Policy and Compliance > Policies and Procedures > My Acknowledgement Campaigns.
    2. Open the Policy Acknowledgement Campaign (PAC) record you want to submit to the defined audience.
    3. Ensure that you have set up and saved the acknowledgement in the Acknowledgement Setup related list.
    4. Click the Acknowledgement Campaigns related list.
    5. Click New.
      Note:
      The majority of the fields are pre-filled with data from the policy record.
    6. On the form, fill in the fields.
      Note:
      Only field descriptions that were not previously described are provided here.
      Table 1. Acknowledgement Campaign form
      Field | Description
      Number | An auto-generated record number for the acknowledgement.
      State |
      Valid from/to | Select the period of time the acknowledgement is valid. The acknowledgement is valid from the beginning of the Valid from date until the end of the Valid to date. Note: The Valid to date cannot be beyond the Valid to date defined in the policy.
      Number of days to respond | The number of days by which members of the audience have to respond.
      Short description | A brief description of the policy.
      Acknowledgement Details tab | This tab shows details and requirements from the policy, as well as the Reference Material URL defined during acknowledgement setup.
    7. Click Submit.
      The Request Acknowledgement button appears.
    8. Click Request Acknowledgement.
    9. Notice that the following changes occur.
      • The state of the acknowledgement campaign changes to Pending Acknowledgement.
      • Acknowledgement (ACK) records for each member of the audience appear at the bottom of the screen.
      • The Acknowledgement Results tab shows the progress of the acknowledgement process. That is, it reports the total number of acknowledgements sent, and keeps a running tally of the number and types of responses received (for example, number of accepted, declined, exempted, and so forth).

      Note:
      The Activity tab shows acknowledgement activities as they happen. The compliance user can click the Work notes check box and post work notes to track changes. The Additional comments box can be used to communicate with the audience.
      Also, each member of the audience receives an email notification similar to the following example.
      Preview email
    10. As the acknowledgement period elapses, you can monitor the progress of the responses by navigating to Policy and Compliance > Policy Acknowledgement > Pending Acknowledgements.
    11. You can also identify any audience members who have exceeded the acknowledgement timeline by navigating to Policy and Compliance > Policy Acknowledgement > Overdue Acknowledgements.

    Respond to an acknowledgement request

    After you have been identified as a member of an audience to provide a policy acknowledgement, you must open and review the record, and then acknowledge it.

    Before you begin

    Role required: sn_grc.business_user, sn_grc.business_user_lite

    Procedure

    1. After you have received a notification that you are required to acknowledge a policy, navigate to Policy and Compliance > Policy Acknowledgement > My Acknowledgements.
    2. To provide the acknowledgement, open the record and perform one of the following actions.

      The available options depend on how the acknowledgement request was configured.
      • The default status of the policy acknowledgement is New.
      • The policy acknowledgement is set to Pending Acknowledgement if:
        • the policy acknowledgement has reached the time set as Frequency.
        • the policy acknowledgement has reached the Valid From date, if it is an ad hoc acknowledgement.
        • you click the Pending Acknowledgement button to move its state manually.
      • The policy acknowledgement is in the Closed state if:
        • you move it manually to the Closed state.
        • it reaches the Valid to date.
      • The state moves to Cancel if:
        • you manually click the Cancel button.
        • the policy exception is rejected, in which case the acknowledgement is reset to Cancel.

      The following options are available when the policy acknowledgement instance is set to different states:

      Accept
      If the policy is in compliance, click Accept.
      Decline
      If the policy is not in compliance and the request is configured in such a way that you are allowed to decline the request, click Decline.
      Request Exception
      If, for any reason, you do not want to respond, and the request is configured in such a way that you can opt out, click Request Exception.

    Work with acknowledgements using the Service Portal

    After you have received a request to provide acknowledgement for a policy, you have the option of working with the request in the ServiceNow AI Platform, or you can perform your actions in the ServiceNow Service Portal.

    Before you begin

    Role required: sn_grc.business_user, sn_grc.business_user_lite, sn_grc_emp_user.grc_employee

    Procedure

    1. Navigate to the ServiceNow Service Portal.
    2. In the header bar, navigate to GRC > My Policy Acknowledgements.

      All pending policy acknowledgement requests assigned to you appear.

    3. To view details of the request, click View.
      Note:
      The actions you can perform on the policy acknowledgement depend on how the acknowledgement campaign was configured, as follows.
      Option | Description
      If the policy is in compliance | Click Accept.
      If the policy is not in compliance and you are allowed to decline the request | Click Decline.
      If you do not want to respond, and you want to opt out | Click Request Exception.