Combined Policy and Compliance Management release notes for upgrades from Vancouver to Yokohama

How to use this page

To help you prepare for your upgrade, we have combined the cross-family Policy and Compliance Management release notes onto one page. Read this summary of the new features, changes, and updated information for your product from Vancouver to Yokohama.

Tip:

If there were no updates for a release notes section in a certain family release, we included a short note for your reference. For example, if a product did not have any updates in Tokyo, the row says "No updates for this release."

Important information for upgrading Policy and Compliance Management to Yokohama

Before you upgrade to Yokohama, review these pre- and post-upgrade tasks and complete the tasks as needed.


Release	Release notes
Vancouver	No updates for this release.
Washington DC	No updates for this release.
Xanadu	No updates for this release.
Yokohama	No updates for this release.

New features

Between your current release family and Yokohama, new features were introduced for Policy and Compliance Management.


Release	Release notes
Vancouver	Lite operator license to enhance user operations Assign an indicator task to complete the task to users with the business user lite role in addition to users with the business user role. Users with business user lite role can respond to the indicator task requests. If you are a lite operator and do not have an Operator license, you can still approve policy exceptions, evidence requests, and others. If you are an indicator task owner you can respond to indicator tasks with the lite operator license. You can also do similar tasks in Employee Service Center. Policy knowledge base and quick links in the Employee Center portal View the knowledge base articles of all published policies from the Employee Service Center. Use the quick links in the Policies topic page to report events and raise exceptions on policies with respect to risk, and policy and compliance. Eliminate having to provide repetitive responses for similar attestations by grouping control attestations on the Task pages of Employee Service Center – Risk Portal and on the Compliance Workspace.
Washington DC	Policy authoring using Google Drive Monitor and revise your organization's policies at regular intervals to maintain their relevance and compliance. Integrating Microsoft Word document files with Google Drive helps your policy owners, reviewers, and approvers to author, modify, and maintain different versions of a policy text and thus retain its history. The users can also collaborate on the policy drafting and review processes. The policy text is updated automatically and the text can be copied from a document into the Policy text field in HTML, and then it can be converted to a PDF format later. Set up dynamic approval configuration on a policy record Set up the dynamic approval configuration on a policy record. Define the levels of approvals for dynamic conditions such as policy type, state, and owner in the approval configuration record. Create an approval rule for each approval level by selecting an approver type, source table, and filter condition. You can also set up dynamic approval configuration on a policy that has redlining enabled.
Xanadu	Upload policy document from your local machine to Microsoft OneDrive Upload a Microsoft Word document that exists in your local machine to Microsoft OneDrive and link the document with the policy. You can access the document from any device and enable multiple users to collaborate on the policy document. Create and associate a policy text document in Google Drive Integrate your ServiceNow instance with Google documents to manage documents in Google Drive. Create a Word document in Google Drive that you can access through a browser and store in Google Drive. You also have the option to create a Microsoft Word document that you can manage in Google Drive. Upload policy document from your local machine to Google Drive Upload a Microsoft Word document that exists in your local machine to Google Drive and link the document with the policy to enable multiple users to collaborate on the policy document. Upload policy document from your local machine to Microsoft SharePoint Upload a Microsoft Word document that exists in your local machine to Microsoft SharePoint and link the document with the policy to enable multiple users to collaborate on the policy document. Policy authoring using Microsoft SharePoint Monitor and revise your organization's policies at regular intervals to maintain their relevance and compliance. Integrating Microsoft Word document files with multiple Microsoft SharePoint sites helps your policy owners, reviewers, and approvers to author, modify, and maintain different versions of a policy text and thus retain its history. You can also collaborate on policy drafting and review processes. The policy text is updated automatically. You can copy and paste text from a document into the Policy text field in HTML and then convert it to a PDF format. Using CRI assessment questions to profile an entity Perform a CRI tiering assessment for an entity to determine its tier, and then perform a CRI assessment for that entity. Based on the response to the CRI questionnaire from the assessor, the compliance status of each mapped control to a question is determined. The overall compliance score of the entity is also calculated. User role enhancements in Policy and Compliance Management Respond to policy acknowledgments and request a policy exception from the Employee Center portal with the employee operator role.
Yokohama	Calculate compliance score and roll up to entity View a comprehensive compliance score at the entity level that includes all the child entities rolled up to the parent entity along with the compliance score of the parent entity's direct controls. Elimination of duplicate citations from UCF Shared list download Eliminate duplicate citations associated with the authority documents when you download UCF content. You can retain one citation as active and mark the duplicate citations as inactive. Move the control objectives of the duplicate citations to the active citation, and update the duplicate citation records with the Source ID of the active citation. Improve compliance workspace performance Improved the performance of the compliance workspace by removing the issue widget to ensure a faster and smoother user experience. You can still access issue details from the "Issues Overview" section. Entity based access Entity based access aims to provide a more granular approach to data access, ensuring that users can only access data through entity-based access. The entity-based access has been enabled for controls, attestations and policy exception to control mappings. Administrators can grant access to an entity's related records by adding users or user groups, or by using entity user fields for entity-based access configuration. Deduplication of control objectives Using Generative AI, identify and recommend similar control objectives. You can choose to accept a control objective as duplicate, dismiss those that are not similar, or retain a control objective as primary in which details from all other similar control objectives are merged. Additionally, the system automatically copies related records, including policies and risk statements, to ensure comprehensive information is maintained in one location after retiring the accepted control objectives.

Changes

Between your current release family and Yokohama, some changes were made to existing Policy and Compliance Management features.


Release	Release notes
Vancouver	Workspace record page template upgrade Streamline page creation, simplify maintenance, and minimize the cost of page ownership using the new record page template. If you’re upgrading and have customizations to workspace record pages, see Revert the record page templates to the pre-17.x version. Enhanced user experience while redlining policies Work more quickly with browser pages automatically refreshing after every action that you take in policy redlining. Actions that cause an automatic browser page refresh include creating and associating a Microsoft OneDrive document, importing a policy text, connecting an existing Microsoft OneDrive document, syncing a Word document to view the policy text, providing document access to policy users, and completing publishing checklist and requesting policy approval in the playbook. You can also associate an existing Microsoft Word document to a policy record even if the policy record has a Word document already associated to it. Business user lite role activities through Employee Center Business users with the GRC business user lite role can manage indicator tasks that are in the Open state by selecting the GRC tasks link through the Employee Service Center portal.
Washington DC	Performance enhancements in processing indicator jobs To support parallel processing capabilities, two additional custom queues have been introduced. One is the Indicator Data Queue for processing indicators, and the other is the Supporting Data Queue for handling events related to control, risk, and issue updates. A new job is introduced to collect supporting data, which significantly aids in improving the data handling processes. New fields have been introduced in the Indicator template form to support percentage sampling. To streamline data handling, the data storage system is updated with storing sample data in JSON format. This new approach enables a more structured and efficient storage, enhancing data retrieval process and analysis. The Due date duration (days) field is added in the Indicator template and Indicator forms to capture the due date of the indicator task. Based on this due date, the indicator task owners receive reminder emails. Analytics and Reporting solutions for Policy and Compliance Management in Next Experience UI Framework Starting with version 18.1.0 of the Policy and Compliance Management application, the Analytics and Reporting solutions for Policy and Compliance are available in the Next Experience UI Framework.
Xanadu	Perform CRI tiering questionnaire to determine the tier value of entity In addition to the Entity owner, the Corporate compliance manager [sn_compliance_ws.corporate_compliance_manager], Corporate compliance analyst [sn_compliance_ws.corporate_compliance_analyst], and IT compliance manager [sn_compliance_ws.it_compliance_manager] can trigger CRI tiering questionnaire and initiate CRI profile assessments. UI action button Initiate CRI tiering assessment has been renamed as Initiate CRI tiering questionnaire. UI action button Initiate CRI assessment has been renamed as Initiate CRI profile assessment. Domain separation in GRC: Policy and Compliance Management Now both manually created records and auto-generated records created through scheduled jobs or scripts are domain separated based on their parent object or user domain for all Policy and Compliance Management objects.
Yokohama	Yokohama Patch 11 Some Now Assist skills are now turned on by default The new default behavior works as follows: New customers: When you install a Now Assist product, designated skills are turned on automatically. Existing customers who are upgrading (starting with Yokohama Patch 11): Any previously unconfigured skill is turned on automatically (the skill was never configured and turned on, then turned off again). Previously configured skills that were turned on, then off, remain inactive. Changes to Now Assist usage measurement

Removed

Between your current release family and Yokohama, some Policy and Compliance Management features or functionality were removed.


Release	Release notes
Vancouver	No updates for this release.
Washington DC	No updates for this release.
Xanadu	No updates for this release.
Yokohama	No updates for this release.

Deprecations

Between your current release family and Yokohama, some Policy and Compliance Management features or functionality were deprecated.


Release	Release notes
Vancouver	No updates for this release.
Washington DC	No updates for this release.
Xanadu	No updates for this release.
Yokohama	GRC DevOps Accelerator is now deprecated and no longer supported or available for new activation. For details, see the Deprecation process [KB0867184] article in the Now Support Knowledge Base.

Activation information

Review information on how to activate Policy and Compliance Management.


Release	Release notes
Vancouver	Install GRC: Policy and Compliance Management by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Washington DC	Install GRC: Policy and Compliance Management by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Xanadu	Install Policy and Compliance Management by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Yokohama	Install Policy and Compliance Management by requesting it from the ServiceNow Store.

Additional requirements

If any additional requirements were introduced or changed for Policy and Compliance Management we have noted them here.


Release	Release notes
Vancouver	No updates for this release.
Washington DC	No updates for this release.
Xanadu	No updates for this release.
Yokohama	No updates for this release.

Browser requirements

If any specific browser requirements were introduced or changed for Policy and Compliance Management we have noted them here.


Release	Release notes
Vancouver	Policy and Compliance Management requires the latest public release and two previous release versions of the following browsers: Google Chrome, Firefox and Firefox ESR, and Microsoft Edge Chromium Safari 12.0 and later versions
Washington DC	GRC: Policy and Compliance Management requires the latest public release and two previous release versions of the following browsers: Google Chrome Firefox and Firefox Extended Support Release (ESR) Microsoft Edge Chromium Safari 12.0 and later versions
Xanadu	GRC: Policy and Compliance Management requires the latest public release and two previous release versions of the following browsers: Google Chrome Firefox and Firefox Extended Support Release (ESR) Microsoft Edge Chromium Safari 12.0 and later versions
Yokohama	GRC: Policy and Compliance Management requires the latest public release and two previous release versions of the following browsers: Google Chrome Firefox and Firefox Extended Support Release (ESR) Microsoft Edge Chromium Safari 12.0 and later versions

Accessibility information

Review details on accessibility information for Policy and Compliance Management, such as specific requirements or compliance levels.


Release	Release notes
Vancouver	No updates for this release.
Washington DC	No updates for this release.
Xanadu	No updates for this release.
Yokohama	No updates for this release.

Localization information

If there are specific localization considerations for Policy and Compliance Management we have noted them here.


Release	Release notes
Vancouver	No updates for this release.
Washington DC	No updates for this release.
Xanadu	No updates for this release.
Yokohama	No updates for this release.

Highlight information

If there are specific highlight considerations for Policy and Compliance Management we have noted them here.


Release	Release notes
Vancouver	Consolidate similar issues created on controls, control objectives, authority documents, engagements, and policies, resolve them quickly, and reduce the number of open issues in an organization. Perform a test on a common control and implement its results on multiple reliant entities instead of testing each entity with its own control to reduce time and effort, especially when new systems are deployed and pre-validations are conducted. Use the IT compliance workspace to manage your organization's IT-related compliance activities. See Policy and Compliance Management for more information.
Washington DC	Revise your policies and update the policy text periodically by integrating with Google Drive. Use policy authoring and the redlining feature to enable policy owners and reviewers to collaborate, review, and redline policies. Set up the dynamic approval configuration on a policy record. Define the approval levels and rules based on different dynamic conditions, such as policy type, source table, state, and filter conditions. See Policy and Compliance Management for more information.
Xanadu	Revise your policies and update the policy text periodically by integrating with Microsoft SharePoint. Use policy authoring and the redlining feature to enable policy owners and reviewers to collaborate, review, and redline policies. Perform a Cyber Risk Institute (CRI) assessment on a company as an entity to determine its control status and calculate the assessment score. Use the employee operator role introduced in Policy and Compliance Management for operations in Employee Center. See Policy and Compliance Management for more information.
Yokohama	View the compliance score at the entity level based on the hierarchy of entities. Eliminate duplicate citations associated with the authority documents when you download UCF content. Revise your policies and update the policy text periodically by integrating with Microsoft SharePoint. Enable policy owners and reviewers to collaborate, review, and redline policies by using policy authoring and the redlining feature. The Issues widget has been removed from the Compliance Workspace landing page to enhance the performance. Enable data access by implementing Entity-Based Access controls. Recommend similar control objectives using generative AI. You can then retain, dismiss, or merge duplicate control objectives. See Policy and Compliance Management for more information.