Roles installed with Privacy Management

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Roles Installed with Privacy Management

    The GRC: Privacy Management application includes specific roles designed to facilitate effective privacy compliance management across an organization. Each role has distinct responsibilities to ensure privacy regulations are met and maintained.

    Show full answer Show less

    Key Features

    • Privacy Analyst: Manages the privacy compliance for their processing activities, including conducting privacy impact assessments and monitoring control effectiveness.
    • Privacy Manager: Oversees the organization’s overall privacy compliance, develops policies, and reports compliance status to management.
    • Privacy Admin: Configures privacy management solutions and automates privacy assessment processes.
    • Privacy Assessment Responder: Engages in privacy assessments and can submit privacy requests.
    • Privacy Business User: Edits assigned processing activities and responds to assessments.
    • Privacy Developer: Creates custom scripts related to privacy management.
    • Privacy Employee User: Allows employees to request privacy assessments and report violations via the Employee Center.
    • Lite Operator Roles: Provide limited access for responding to assessments and managing processing activities within the GRC: Privacy Lite User application.

    Key Outcomes

    By utilizing these roles effectively, ServiceNow customers can ensure compliance with privacy regulations, streamline privacy management processes, and foster a culture of accountability and awareness regarding data privacy within their organizations. Each role contributes to a structured approach to managing privacy risks and maintaining compliance, ultimately enhancing the organization’s overall privacy posture.

    The GRC: Privacy Management application installs the roles for the privacy analyst, the privacy manager, and the privacy administrator to perform their respective tasks.

    Table 1. Roles and their descriptions
    Role title [name] Description Contains roles
    Privacy Analyst

    [sn_privacy.analyst]

    		 Privacy analysts are responsible for managing the privacy compliance posture of the processing activities owned by them.​ They perform the following tasks:
    • Assess the processing activities regularly by sending and reviewing privacy impact assessments​.
    • Work with the management and business users to identify and manage controls related to a processing activity​.
    • Manage and resolve the concerns of business users about compliance-related issues and policy exceptions​.
    • Test and monitor control effectiveness​.
    • sn_grc_workspace.task_reader
    • sn_risk_advanced.ara_approver
    • sn_risk_advanced.ara_assessor
    • sn_risk.user
    • sn_compliance.user
    • sn_privacy_case.privacy_case_analyst
    Privacy Manager

    [sn_privacy.manager]

    		 Privacy managers are responsible for managing the overall organization level privacy compliance posture.​ They perform the following tasks:
    • Develop and implement privacy regulations, authority documents,​ and policies.
    • Review privacy regulatory requirements and policies​.
    • Design and monitor controls to deal with violations of privacy regulations and internal policies.​
    • Plan privacy programs and scope entities.
    • Creating privacy impact assessment templates.​
    • Continuously monitor control effectiveness and recommend effective improvements.
    • ​ Supervise the privacy compliance team.​
    • Report to management and the Board of Directors on compliance posture​.
    • Discover who is implementing privacy regulation for the first time in their organization.
    • sn_compliance.manager
    • sn_privacy.analyst
    • sn_risk.manager
    • sn_grc_workspace.task_admin
    • sn_compliance.attestation_creator
    • sn_grc_reg_change.manager
    • sn_privacy_case.privacy_case_manager
    Privacy Admin

    [sn_privacy.admin]

    		 Privacy administrators administer the privacy policy and compliance management. ​ Users assigned this role are responsible for configuring privacy management solutions as per the privacy team's requirements.​ They perform the following tasks:
    • Configure privacy impact assessments and automated flows to trigger assessments​
    • Configure rules to auto-create processing activities ​out of privacy screening assessments.
    • Monitor the ServiceNow AI Platform dependencies with other applications and modules.
    • Can read the scripts under Processing activity script configurations related list.
    • sn_privacy.manager
    • sn_risk_advanced.ara_admin
    • sn_compliance.admin
    • sn_privacy_case.privacy_case_admin
    Privacy assessment responder

    [sn_privacy.assessment_responder]

    		 Privacy assessment responders can respond to the privacy assessments as key stakeholders. They can also raise privacy requests from the portal.
    • sn_grc_workspace.task_reader
    • canvas_user
    Privacy business user

    [sn_privacy.business_user]

    		 Privacy business users can edit the assigned processing activities in the Discover state, and also respond to the assessments.
    • sn_grc_workspace.task_reader
    • canvas_user
    • sn_privacy_case.privacy_case_business_user
    • sn_grc.business_user
    Privacy developer

    [sn_privacy.developer]

    		 Privacy developers can write custom scripts sn_privacy.admin
    If the Privacy Employee User application is installed, then the following roles are available.
    Privacy employee user

    [sn_privacy_emp.privacy_employee]

    		 Enables your employees to perform the following operations from the Employee Center:
    • Proactively request privacy impact assessments (PIAs) for new implementations, applications, and processes from the Employee Center.
    • Report privacy cases related to data privacy policy and regulatory violations.
    • Read and acknowledge organizational privacy policies
    • Create policy exceptions.
    • Create privacy issues.
    • sn_grc.issue_employee_user
    • sn_compliance.policy_ack_employee_user
    • sn_compliance.policy_exception_employee_user
    If the GRC: Privacy Lite User application is installed, then the following roles are considered as lite operators.
    • sn_privacy.assessment_responder
    • sn_privacy_case.privacy_case_business_user
    • sn_privacy.business_user
    • sn_grc_pdr.data_owner_admin

    Users with the lite operator role can do the following:

    • Respond to privacy assessment tasks as business users.
    • Work on the processing activity as a business user when it’s assigned to you to collect the required details.
    • Respond to the processing activity's criticality risk assessments and object-based assessment.
    • Respond to the detailed privacy risk assessments on each risk identified on a processing activity.
    • Work on breach assessments and other privacy case tasks.
    • Respond to the assessment and investigation tasks assigned by the privacy team.
    • Work on personal data rights action tasks to handle data according to the requester's requests.
    • Respond to the assigned control attestations.
    • View, update, and close assigned issues.
    • Create, update, and close assigned remediation tasks.
    • Respond to the assigned manual indicator tasks.