Operational Resilience release notes
Summarize
Summary of Operational Resilience release notes
The ServiceNow® Operational Resilience application helps organizations maintain business service continuity during adverse events such as pandemics, severe weather, or cyber attacks. The Yokohama release introduces enhancements that align with the Common Service Data Model (CSDM), improve vulnerability tracking, and integrate digital resilience incident reporting to meet regulatory requirements.
Show less
Key Features
- CSDM Alignment and Metrics: Define entity types and pillars within Operational Resilience, establish relationships among CSDM objects like business services and application services, and import CMDB data for resilience reporting. Configurable main node settings enable effective retrieval of CSDM and dependency data with weekly updates and daily red flag calculations.
- Operational Vulnerability Enhancements: Identify the primary origin of operational vulnerabilities to automatically include upstream impacted areas, allowing vulnerability views from all affected perspectives.
- Digital Resilience Incident Reporting: Integrated with Incident Management and Security Incident Response, this module supports classification of incidents as major, triggers automated report generation for regulators within defined timeframes (initial within 24 hours, intermediate within 72 hours, final within 1 month), and categorizes incidents by severity and security ratings.
- User Interface Improvements: New Business Services dashboard and modules for Services, Business Services, Service Offerings, Business Processes, Entity Types, and Pillars are accessible from the Operational Resilience Workspace. Additional classes (Business Service and Offering) have been added to assessment, scenario analysis, and self-attestation forms to enhance evaluation capabilities.
Activation and Compatibility
Operational Resilience must be requested and installed from the ServiceNow Store. It supports modern browsers including Google Chrome, Firefox (including ESR), Microsoft Edge Chromium, and Safari 12.0 or later.
Related ServiceNow Applications
Operational Resilience works alongside several key applications to provide comprehensive risk and continuity management, including:
- Risk Management and Advanced Risk Assessment for identifying and monitoring organizational risks.
- Policy and Compliance Management for governance and regulatory alignment.
- Business Continuity Management to maintain product and service delivery during disruptions.
- Vulnerability Response and Incident Management for security incident lifecycle and remediation.
- Security Incident Response for managing security incidents from detection to recovery.
- Digital Operational Resilience Management for managing DORA-related data.
- Data Registry for exploring relationships among critical data such as controls, risks, and issues.
The ServiceNow® Operational Resilience application supports organizations to help keep business services running during adverse events like pandemics, severe weather, or cyber attacks. Operational Resilience was enhanced and updated in the Yokohama release.
Operational Resilience highlights for the Yokohama release
- Align with the CSDM model to set up configurable main node configurations, which are used to retrieve CSDM and their dependency data.
- Add the primary origin to an operational vulnerability, and the impacted areas are automatically included. The vulnerability can then be viewed from any impacted area.
- All CSDM objects, dependencies, and their red flags can be rolled up based on the entity hierarchy.
- Use Smart Assessment for evaluating an Operational vulnerability.
See Operational Resilience for more information.
New in the Yokohama release
- Measure resilience metrics using the CSDM model
-
Define the entity types and pillars in Operational Resilience and generate the entities. Establish relationships between CSDM objects, including business services, service offerings, business processes, and application services. Specify the type of main node configuration that you want to use by setting the sn_oper_res.opres_csdm_main_node_config property.
After generating the entities and setting up the main node configurations, you can import CMDB data into Operational Resilience for reporting. CSDM and their dependencies are updated weekly while the red flags data is calculated daily. The outcome is displayed on the Homepage or in the related list of the CSDM objects.
- Specify the primary origin of an operational vulnerability
- Identify the primary origin of an operational vulnerability in its record. Once the primary origin is specified, its upstream dependencies are automatically included in the impacted areas, enabling you to view the operational vulnerability from all affected perspectives.
- Using Digital resilience incident reporting
-
Assess whether any critical services are affected and classify the reported incident as a major incident if necessary. Notify regulators of major incidents, categorized by their severity and security ratings.
The Digital resilience incident reporting module, accessible from the Operational Resilience Workspace, is integrated with Incident Management and Security Incident Response to generate and share reports in the format that is specified by the regulators.
You can generate an initial report within 24 hours, an intermediate report within 72 hours, and a final report within 1 month. All of these reports are automatically triggered by the application from the time that the incident is classified as a major incident.
UI changes
- Business services dashboard
- The Business services dashboard has been added to display business services data.
- New modules for services and processes
- The Services, Business Services, Service Offerings, and Business Processes modules have been added to the Operational Resilience Workspace. Operational Resilience managers use these modules to manage the services, business services, service offerings, and business processes used in Operational Resilience reporting.
- Entity Types and Pillars modules
- The Entity Types and Pillars modules have been added to the Operational Resilience Workspace. These modules enable Operational Resilience managers to update the entity types and pillars directly from the Workspace.
- Primary origin tab
- The Primary origin tab has been added to the Operational vulnerability record to identify the main source and report the upstream entities of the vulnerability.
- Addition of classes to the assessment form
- The Business Service and Offering classes have been added to the Scope tab of the assessment form, enabling you to assess the business services and service offerings alongside services. Once the assessment is complete, the importance and impact tolerance of these items are displayed in the Importance and Impact Tolerance columns on the Scope tab.
- Addition of classes to the scenario analysis form
- The Business Service and Offering classes have been added to the Scope tab of the scenario analysis form, enabling you to analyze the business services and service offerings alongside services.
- Addition of classes to the self-attestation form
- The Business Service and Offering classes have been added to the Scope tab of the self-attestation form, enabling you to self-attest the business services and service offerings alongside services.
- Digital resilience incident reporting module
- The Digital resilience incident reporting module is used to report the Information and Communication Technology (ICT) related incidents to the regulators.
Activation information
Install Operational Resilience by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Browser requirements
- Google Chrome
- Firefox and Firefox Extended Support Release (ESR)
- Microsoft Edge Chromium
- Safari 12.0 and later versions