Entity types

  • Release version: Xanadu
  • Updated July 31, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Entity types

    Entity types in ServiceNow are groupings of entities based on specific filter conditions, allowing you to organize entities efficiently within entity classes. They enable hierarchical structuring and help automate the creation and management of risks and controls associated with these entities. This feature simplifies managing complex organizational structures by grouping related entities, such as departments or business lines, and automating risk and control assignments.

    Show full answer Show less

    Key Features

    • Grouping and Hierarchy: Create entity types to group entities like departments or divisions and organize them hierarchically within entity classes.
    • Automated Risk and Control Creation: Associate control objectives and risk statements with entity types so that related risks and controls are automatically generated for all entities within the type.
    • Entity Filters: Use entity filters to define the data source and conditions for entities included in an entity type. Filters can be built manually or selected from predefined Configuration Management Database (CMDB) queries.
    • Ownership and Classification: Assign owners and entity classes at the entity type level, which automatically apply to all entities created through that type.
    • Risk Score Aggregation: Grouping entities facilitates rolling up and aggregating risk scores from lower-level entities to higher organizational levels, supporting comprehensive risk reporting.
    • Comprehensive Related Information: Entity types include related lists for managing entities, filters, risk frameworks, risk statements, policies, control objectives, policy exceptions, content references, privacy assessments, and attachments.

    Practical Benefits for ServiceNow Customers

    By using entity types, ServiceNow customers can streamline entity management and risk control processes, eliminating the need for multiple spreadsheets and manual updates. They can quickly create and maintain entities that align with organizational structure and risk frameworks, ensuring consistent risk assessments and compliance tracking. The automatic roll-up of risk scores supports better visibility and reporting across business units, enhancing governance and decision-making.

    Creating and Managing Entity Types

    To create an entity type, define the appropriate filters that specify the entities to include based on tables and conditions. Assign the relevant owner, entity class, and associate risk frameworks and controls. The system then automatically applies these settings to all entities created under the entity type, ensuring standardized configuration and efficient risk and control management.

    Entity type is a grouping of the entities that match a set of filter conditions. You can create a hierarchy of the entity types within the entity classes. The Entity types option is displayed under the Lists view in the workspace. Click an entity type to display its details.

    An entity type is a grouping of entities that is based on filtering. Entity types enable you to find and create entities that match a set of filter conditions. Hierarchy can be created within the entity classes. Entity types also enable you to create risks and controls for each entity without spending much time. For example, an organization can have multiple departments, such as finance, HR, or IT. All these departments can be considered as entities and can be grouped under the entity type called Departments.

    Within an entity type, you can assign an owner and an entity class. You can associate a control objective and risk statements to the entity type so that risks and controls get automatically created for those entities. For every entity created using the entity type, the configuration and filter are applied so that the entity class and entity owner get automatically assigned for each entity.

    When you create entity types and associate risk statements and control objectives to them, the risk and controls are automatically created for all the entities. The benefit of creating entity types is that it eliminates the need for maintaining multiple spreadsheets with the associated risks and controls for each entity. By applying entity types, you can quickly create entities by using the entity filters that are present within the entity types. Entity types can contain entities associated with different classes.

    Grouping entities also helps in rolling up and aggregating the risk scores after risk assessments are performed. To understand how grouping entities contribute to rolling up the risk scores, consider the following example. Assume that there's a banking organization called Acer Finance. Acer Finance has two business lines: Banking and Retail. The Banking division has further subdivisions such as Commercial Banking and Private Banking. The risk assessments are generally performed at the bottom-most level. In this example, the assessment is performed at the Commercial Banking and Private Banking levels. The reporting, however, is done at the top-most level. This means that the risk assessment scores of Commercial Banking and Private Banking roll up and aggregate at the Banking level. Similarly, the scores of the Banking and Investment roll up to the Acer Finance organization level.

    Entities in entity type are created based on the conditions set in the Entity Filter. In entity filters, the following filter conditions are defined:
    • Build your own conditions: The entity filter defines the table from which the data is pulled into each entity type for display. Options in the Entity filter related list under Entity Type are revised such that Build your own conditions is same as the previous condition builder.
    • Select from predefined queries: A new option is introduced as Select from predefined queries that uses the Configuration Management Database (CMDB) queries.
    The Details tab in the Entity type page displays the following information:
    • Name
    • Compliance Score (%)
    • Check box condition to display if the entity type is active
    • Description
    The Entity type page displays the following related lists:
    Table 1. Related lists in the Entity type section
    Related list Description
    Entities Information on the entities:
    • Entity
    • Description
    • Class
    • Owned by
    • Residual rating
    • Compliance Score (%)
    Entity Filters Information on the entity filters:
    • Entity filter type
    • Table
    • Filter condition
    • Use owner field
    • Owner field
    Risk frameworks Details of the risk framework. Click Add to add a new risk frameworks record.
    Risk Statements Details of the risk statements such as Risk Statement, Framework, Category, and Description.
    Policies Details of the policies such as number, name, Type, Owner, State, Valid from, Valid to, and Compliance Score percentage.
    Control Objectives Details of the control objectives such as Control objective, Category, Type, Classification, and Compliance Score percentage.
    Entity Filters Details of the entity filter such as Entity Filter type, Table, Filter Condition, Query, Information objects, Use owner field, Owner field.
    Policy Exceptions Details of the policy exceptions.
    Content References Details of the content references.
    Privacy assessments Details of the privacy assessments for the entity type.
    Attachments Attachments associated with the entity type displayed in the side panel.