Download Advanced Risk

Washington DC Governance, Risk, and Compliance
Release
washingtondc
ft:locale
en-US
ft:publication_title
Washington DC Governance, Risk, and Compliance
ft:clusterId
grc
bundleId
grc
workflow
Technology
  • Governance, Risk, and Compliance
  • GRC and the ServiceNow Store
  • Download a GRC application from the ServiceNow Store for the first time
  • Get entitlement for a GRC product or application
  • Activate an entitled GRC ServiceNow Store application
  • Install GRC content packs and integrations
  • Update a GRC application previously downloaded from the ServiceNow Store
  • Upgrade your instance to the next GRC family release
  • Audit Management
  • Exploring Audit Management
  • Configuring Audit Management
  • Setup checklist for the GRC Audit Management application
  • Download Audit Management
  • Quick start tests for Audit Management
  • Setup checklist for the GRC Advanced Audit application
  • Using Audit Management
  • Create an audit report template
  • Manage test templates and test plans
  • Create a test template
  • Relate a test template to a control objective
  • Create an audit test plan
  • Create multiple test plans from a test template
  • Manage engagements
  • Audit task management
  • Create an engagement
  • Generate an audit report from an engagement
  • Create an engagement from a previous engagement
  • Create a control test from an engagement
  • Automatically generate control tests from an engagement
  • Create an audit task activity
  • Create an interview
  • Create a walkthrough
  • Generate a KB article from an engagement
  • Approve or reject an engagement
  • Add entities to an engagement scope
  • Use the Audit Engagement Workbench to visually manage engagements
  • Create an engagement from Audit Workbench
  • Manage your documents and work papers with Audit Management as cloud files
  • Complete the prerequisites to manage your documents using Microsoft
  • Create a Cloud file configuration on engagements and audit tasks
  • Create a Cloud file configuration record
  • Cloud file configuration record form
  • Create a File access permission record to manage the permissions
  • File access permission record form
  • File access permissions
  • Upload a file to cloud
  • Link to a cloud file
  • Link a reference cloud file
  • Mark a cloud file as a non-sharable file
  • Mark a cloud file as a sharable file
  • Remove a linked cloud file from a record
  • Manage GRC key risk and control indicators
  • Engagement Overview
  • Create a GRC indicator
  • Create a GRC indicator template
  • Confidentiality flag for audit and compliance records
  • Manage audit issues and remediation
  • Manually create GRC issues
  • Issue form
  • Evidence request
  • Evidence request workflow and users
  • Request evidence for audit
  • Provide requested evidence
  • Approve evidence before evidence review
  • Accept, reject, or cancel evidence request
  • Audit plan overview
  • Create an audit plan
  • Approve a plan
  • Create an engagement with advanced planning
  • Add auditors for an engagement from resource plans
  • Create an auditable unit
  • Audit types
  • Manage milestones
  • Create an engagement milestone
  • Create a milestone from an audit task
  • Audit observations
  • Roll up expenses and resources in an engagement
  • Integrating Audit Management with Time Card management
  • Audit Workspace
  • Audit Workspace for the Audit supervisor
  • Create a test template in Audit Workspace
  • Create a test plan in Audit Workspace
  • Create a plan in the Audit Workspace
  • Create an audit engagement in Audit Workspace
  • Manage an engagement from the overview page
  • Create an auditable unit and scope entities at risk
  • Create a milestone for an engagement
  • Audit task management in Audit Workspace
  • Create a control test from an engagement
  • Create an activity in the Audit Workspace
  • Create an interview in Audit Workspace
  • Create a walkthrough in the Audit Workspace
  • Add entities to an engagement scope and validate the engagement
  • Create an issue for an engagement
  • Request evidence during audits using Audit Workspace
  • Audit observations in Audit Workspace
  • Create an observation for an engagement
  • Approve or reject an engagement in Audit Workspace
  • Generate a report from an engagement in Audit Workspace
  • Audit Workspace for the Auditor
  • Update an assigned control test in Audit Workspace
  • Update other assigned audit tasks in Audit Workspace
  • Create an observation for an audit task
  • Matrix report in Audit Workspace
  • Configure matrix report registry to set up base table for audit matrix report
  • Matrix relationship form
  • Configure target table fields as columns for matrix report
  • Matrix column configuration form
  • Create matrix report configuration for Audit Workspace
  • Matrix report configuration form
  • View matrix report in landing page and record page of Audit Workspace
  • Analytics and Reporting Solutions for Audit Management
  • Audit Engagement Overview Performance Analytics dashboard
  • Audit Manager Performance Analytics dashboard
  • Audit Management reference
  • Components installed with Audit Management
  • Roles required for Engagement project planning for Project Portfolio Management
  • Roles required for Advanced planning capability and Project Portfolio Management integration
  • Domain separation and Audit Management
  • Business Continuity Management
  • Exploring Business Continuity Management
  • BCM Configurable Workspace
  • Home page view
  • My tasks page view
  • List view
  • Crisis map view
  • Business impact analysis
  • Use cases for business impact analysis
  • Business impact analysis (BIA) templates
  • Grid configurations and categories
  • Business continuity planning
  • Assets and plans related to a business continuity plan
  • Recovery teams, loss scenarios, and recovery tasks
  • Element definitions and variables
  • Exercises
  • Crisis events
  • Crisis map interface
  • Emergency notifications in Everbridge notifications system
  • Business Continuity Management use cases
  • Configuring Business Continuity Management
  • Business Continuity Management and the ServiceNow Store
  • Get entitlement for the Business Continuity Management application
  • Install Business Continuity Management from ServiceNow Store
  • Business Continuity Management lite operators
  • General administration setup for BCM
  • Dependency Configuration records
  • Configuring the impact analysis dependency updates
  • Configure the Impact analysis dependency update configuration record
  • Impact analysis dependency update configuration form
  • Configuring the planning dependency updates
  • Configure the Planning dependency update configuration record
  • Planning dependency update configuration form
  • Configuring the sources for adding the event dependencies
  • Configure the Event dependency source configuration record
  • Event dependency source configuration form
  • Configure an impact category for the business impact analysis
  • Impact Category record form
  • Configuring the documentation section of the business continuity plan
  • Configure the documentation section for a business continuity plan
  • Documentation Section record form
  • Configure an element definition for Business Continuity Management
  • Element definition record form
  • Configure an element variable for an element definition
  • Element variable record form
  • Configure a loss scenario in your business continuity plan
  • Loss Scenario record form
  • Configure an impact rating to assess the impact category
  • Impact Rating record form
  • Configure a recovery tier for the business impact analysis
  • Recovery Tier record form
  • Set up a recovery timeframe for a recovery tier
  • Configure a grid category for the grid configuration
  • Grid category record form
  • Configure the grid for the BIA dependency assessment
  • Grid configuration record form
  • My tasks page configurations
  • Approval configuration
  • Set up approval configuration
  • Set up approval levels
  • Set up approval rules
  • BCM properties
  • Properties installed with Business Continuity Management
  • Setup for a business impact analysis
  • Configure a BIA template
  • BIA template form
  • Setup for business continuity plan
  • Configuring the plan template for the business continuity plan
  • Configure a business continuity plan template for your business
  • Plan Template form
  • Setup for Everbridge notifications
  • Create a connection and authenticate the credential with Everbridge
  • Create Connection and Credential form
  • Import the delivery channels from Everbridge
  • Import the record types from Everbridge
  • Create a template for an emergency notification
  • Notification Template form
  • Create the contacts for an emergency notification
  • Contact form
  • Create the contact import rules
  • Contact Import Rules form
  • Create a notification contact group
  • Notification Contact Group form
  • Setup for Crisis map
  • Customization Properties for Google Maps
  • Customization Properties table for Google Maps
  • Google Maps APIs used in the Fam-map component in Crisis map
  • Configure a Scheduled Data Imports record
  • Scheduled Data Imports form
  • Configure a Resource Configuration record for Crisis map
  • Resource Configuration form
  • Configure an alert rule in Crisis map
  • Alert Rules form
  • Configure an alert action in Crisis map
  • Alert Action form
  • Format the PDF templates for BIAs, BCPs, and Events
  • Configure 360° relationship registries and views
  • Setup by system administrators
  • Update the number of the records for a reference field
  • Update the number of the element definitions for dependency assessment
  • Application menu options for Business Continuity Management users
  • Setup for the UI Builder
  • Setup for BCM and CSDM tables
  • Business Continuity Management implementation
  • Managing business continuity workflow tasks in BCM Configurable Workspace
  • Structured workflows for Business Impact Analysis in BCM Configurable Workspace
  • States and UI actions associated with a business impact analysis
  • Impact categories and ratings
  • Recovery time objective, Recovery point objective, and Recovery tiers
  • Calculating the recovery time objective and recovery point objective
  • Configuring the Dictionary, UI policy, element variables, and UI view
  • Create a business impact analysis
  • Create New Impact analysis form
  • Schedule an auto-update of the dependencies
  • Update the BIA dependencies
  • Assess the impact categories and dependencies
  • Approve the business impact analysis
  • Update dependency details of a BIA in Self-Service
  • Visualize the 360° relationships for a business impact analysis
  • Generate the PDF of a business impact analysis
  • Structured workflows for Business Continuity Planning in BCM Configurable Workspace
  • States and UI actions for a business continuity plan
  • Create a business continuity plan
  • Create New Plan form
  • Schedule an auto-update of the related assets
  • Update the planning dependencies
  • Add an asset and scope to the business continuity plan
  • Create a documentation section
  • Add the related plan and recovery team
  • Associating related plans to a recovery task
  • Add a loss scenario
  • Add a recovery strategy for the related asset dependencies
  • Create New Recovery strategy form
  • Add a recovery task to the plan
  • Create New Recovery task form
  • Automate the recovery task in the plan
  • Create a subflow form
  • Submit the business continuity plan for an approval
  • Visualize the 360° relationships for a business continuity plan
  • Generate the PDF of a business continuity plan
  • Structured workflows for Exercise Management in BCM Configurable Workspace
  • States for an exercise and crisis event
  • Create an exercise
  • Create Exercise Event form
  • Using nested plans in an event
  • Adding the dependencies of the impacted assets
  • Update the event dependencies
  • Track the impacted assets and add a related plan to the exercise
  • Add a task to the exercise
  • Create New Event Task form
  • Import the automated task in an exercise
  • Approve the exercise
  • View your recovery tasks from Self-Service
  • Visualize the 360° relationships for an exercise and crisis event
  • Generate the PDF of an exercise or crisis event
  • Structured workflows for Crisis Management in BCM Configurable Workspace
  • Start a crisis event
  • Create Crisis Event form
  • Using nested plans in an event
  • Track the impacted assets and add a related plan
  • Add a task to the crisis event
  • Import the automated task in an event
  • Approve the crisis event
  • Structured workflows for Crisis map in BCM Configurable Workspace
  • Adopting the UIB page for Crisis map
  • Manage the alerts in Crisis map
  • Set controls in Crisis map to customize the alerts
  • Select layer clustering in Crisis map
  • Monitor the assets within the impacted area in Crisis map
  • Initiate response workflows for crisis management
  • Sending emergency notifications with Everbridge
  • Workflow status of an emergency notification
  • Create an emergency notification
  • Create New Notification form
  • Using BCM classic Workspace
  • Customizing the Business Continuity Management classic Workspace
  • Migrating reports and custom changes to BCM UIB Workspace
  • Structured workflows for Business Impact Analysis
  • Create a business impact analysis
  • Assess impact categories and dependencies of a business process
  • Review an impact category and assess its recovery time
  • Assess RPO impact of technology assets on the business
  • Identify critical dependencies to prioritize recovery plans
  • Add dependencies based on CI relationships in CMDB
  • View business impact analysis details
  • View approval state flows for a business impact analysis
  • Update dependency details of a BIA in Self Service as a contributor
  • Structured workflows for Business Continuity Planning
  • Create a business continuity plan from a plan template
  • View plan details in scorecards
  • Plan overview scorecards for plan usage details
  • Add an asset to the scope of a business continuity plan
  • Add related assets and related plans
  • Create and manage plan documentation sections
  • Assign roles and responsibilities to recovery teams
  • Identify loss scenarios and align them to a business continuity plan
  • Establish recovery strategies for critical asset dependencies
  • Create, update, and group recovery tasks
  • View the general details of a business continuity plan
  • View approval state flows for a business plan
  • Structured workflows for Exercise and Crisis Management
  • Start an exercise event
  • Start a crisis event
  • Review event details and start an exercise event
  • Manage a crisis event
  • View event details and monitor event task completion
  • Add impacted assets and plans to an event
  • Data flow, planning, execution, and recovery of related plan assets in an event
  • View your recovery tasks from Self-service
  • Crisis Management map
  • Setting up the crisis map
  • Configure search for places in crisis map
  • Configure scheduled data imports for crisis map
  • Configure a resource for crisis map
  • Configure alert rules to display alerts in crisis map
  • Configure an alert action
  • View and manage alerts in the crisis map interface
  • Set controls to customize alerts on the map dynamically
  • View resource layer clustering
  • View assets at risk within the impacted area
  • Notify stakeholders and initiate Crisis Management response workflows
  • Integrating Crisis Management with Everbridge notifications system
  • Setup steps for emergency notification
  • Create connection and authenticate credential with Everbridge
  • Import delivery channels from Everbridge
  • Import record types from Everbridge
  • Define a template for emergency notification
  • Create contacts for emergency notifications
  • Create contact import rules
  • Create a notification contact group
  • Create an emergency notification and monitor its workflow in the workspace
  • Workflow status of the emergency notification
  • Business Continuity Management reference
  • Components installed with Business Continuity Management
  • Data Relationships Framework
  • Create a main node configuration record
  • Main node configuration new record form
  • Create a relationship registry record
  • Relationship registry new record form
  • Configure the properties for the Data Relationships Framework
  • Data Relationships Framework properties form
  • Domain separation and Business Continuity Management
  • GRC record page template for BCM records
  • Stepper component in the Overview tab of the records
  • Compliance Case Management
  • Exploring Compliance Case Management
  • Compliance case workflow
  • Compliance request workflow
  • Compliance Case Management landing page
  • Using the compliance case overview related list
  • Smart assessments in Compliance Case Management
  • 360° Relationship Visualization of a compliance case
  • Configuring Compliance Case Management
  • Download Compliance Case Management
  • Install Compliance Case Management
  • Create a case type
  • Case Type form
  • Create a view rule
  • View Rule form
  • Create an assignment rule
  • Assignment Rule form
  • Create a request type
  • Request type form
  • Create a state model to define the workflow states and transitions
  • GRC State Model form
  • Create a workflow state for a compliance case or request
  • Workflow State form
  • Define the model state transitions for a compliance case or request
  • GRC Model State Transition Condition form
  • Create an assessment template
  • Assessment Metric Type form
  • Using Compliance Case Management
  • Reporting a compliance case in GRC: Compliance Case Management
  • Report a compliance case from the Employee Center
  • Report a Compliance Case form
  • Create a compliance case in the Compliance Workspace
  • Compliance Case form
  • Raising a compliance request in GRC: Compliance Case Management
  • Raise a compliance request from the Employee Center
  • Raise a Compliance Request form
  • Create a compliance request in the Compliance Workspace
  • Compliance request form
  • Compliance case task workflow
  • Create a case task
  • Case task form
  • Work on a case task
  • Reassign an Assessment type case task
  • Review and close a case task
  • Add an impacted area to a compliance case
  • Add a related area to a compliance case
  • Add a cause and consequence to a compliance case
  • Cause and Consequence form
  • Add compliance regulations to a compliance case
  • Add or create an issue for a compliance case
  • Create an Issue form
  • Export a report to PDF
  • Perform smart assessment on action tasks
  • Compose emails in GRC: Compliance Case Management
  • Compliance Case Management reference
  • Tables installed with Compliance Case Management
  • Roles installed with Compliance Case Management
  • Continuous Authorization and Monitoring
  • Understanding Continuous Authorization and Monitoring
  • Continuous Authorization and Monitoring implementation
  • Setup checklist for Continuous Authorization and Monitoring
  • Download Continuous Authorization and Monitoring
  • Assign Continuous Authorization and Monitoring roles to your users
  • Prepare the authorization package
  • Define authorization boundaries
  • Create an authorization package
  • Categorize the authorization package
  • Select controls for an authorization package
  • Set up baseline controls to generate controls and implement requirements
  • Inherit from a common control
  • Implement controls
  • Assess, authorize, monitor, and generate reports
  • Understanding assessment objectives in CAM
  • Generate assessment procedure plans for a test plan
  • Determine control effectiveness of a control test
  • Defining a control's requirements at the level of control objective
  • Control requirement details in the CAM view of Control objective and Control forms
  • Modify control requirement's implementation status at the control level
  • Impact of associated compliance objects on control requirements
  • Control requirement generation and upgrade steps
  • Monitoring and managing security from the CAM Workspace Home page
  • Monitor and manage CAM tasks
  • Managing POA&Ms issues
  • View reports on authorization boundary elements
  • View package details in CAM Workspace
  • View dashboards in CAM Workspace
  • Generate ATO artifacts for an authorization package
  • CAM supports export of Catalog, Profile, and SSP in OSCAL format
  • Generate zip files and export data in OSCAL format
  • Analytics and Reporting Solutions for CAM
  • Continuous Authorization and Monitoring overview reports
  • Reports available from the CAM Overview module
  • Reports available from the AO Overview module
  • Reports available from the SCA Overview module
  • Operational Resilience
  • Exploring Operational Resilience
  • Dependencies for Operational Resilience
  • Common Service Data Model for Operational Resilience
  • CSDM data workflow and business model views
  • Configuring Operational Resilience
  • Setting up the Operational Resilience application
  • Download Operational Resilience application
  • Assign Operational Resilience roles to your users
  • Setting up the Operational vulnerability module
  • Set up the Operational vulnerability type
  • Vulnerability Type form
  • Set up the State model and Action task model
  • GRC state model form
  • Define the state transitions model
  • Set up the Vulnerability Assessment Template
  • Assessment metric type form
  • Set up the Document Template
  • HTML Template form
  • Completing general administrative tasks
  • Configure Operational Resilience properties
  • Create entity types and pillars and generate the entities
  • Set up an entity type from the Core UI (UI16) view
  • Entity Type New record form
  • Set up a pillar from the Core UI (UI16) view
  • GRC Choices form
  • Create a scenario and link it to an event
  • Scenario New record form
  • Create an event group for the scenario
  • GRC Choice New record form
  • Create an event for the scenario
  • Event New record form
  • Add a participant role for the scenario analysis
  • GRC Choice New record form
  • Update the Important choices module
  • GRC Choices form
  • Set up the Importance and Impact Tolerance Rating Scale
  • Rating Scale New Record form
  • Create and edit the attestation template
  • Assessment Metric Type New Record form
  • Create a Smart Assessment template
  • Create a custom questionnaire template
  • Assessment Metric Type form
  • Create a customized HTML document template
  • HTML Template form
  • Showing the tabs in the Workspace view
  • Setting up the Main node configurations
  • Configuring relationships between CSDM objects
  • Configure relationships for business services, processes, offerings, application services
  • Set up the relationship registry
  • Configure property for the Business services or Services configuration
  • Set up the Main node configuration
  • Update the node relationship configuration
  • Opres with CSDM header Main node configuration
  • Service (CMDB) Main node configuration
  • Business process to dependencies Main node configuration
  • Business service to dependencies Main node configuration
  • Service offering to dependencies Main node configuration
  • BCM dependencies related Main node configurations
  • Configure 360º views for services and processes
  • Managing Operational Resilience
  • Fetching dependencies from the CMDB and BIA
  • Analyzing the importance and impact tolerance of a service
  • Create an Importance and impact tolerance assessment for a business service
  • Create New Importance and impact tolerance assessment form
  • Add a service and begin the Importance and impact tolerance assessment
  • Submit the Importance and impact tolerance assessment for the business service
  • Request an approval for the Importance and impact tolerance assessment
  • Close the Importance and impact tolerance assessment
  • Performing a scenario analysis
  • Create a scenario analysis for a business service
  • Create New Scenario analysis form
  • Request a plan approval for your scenario analysis
  • Approve the plan for the scenario analysis
  • Adding a scenario event to the analysis
  • Add a scenario event to the scenario analysis
  • Scenario event form
  • Scenario analysis response task form
  • Add a participant to the scenario analysis
  • Add a service to your scenario analysis
  • Associate an issue with the scenario analysis
  • Request an analysis approval for the scenario analysis
  • Close the scenario analysis
  • Self-attesting the services
  • Create an assessment for a self-attestation
  • Create New Self attestation form
  • Submit a self-attestation to certify the status of the services
  • Gathering data aligned with the latest CSDM setup
  • Data setup for services or business services
  • Add a service to Operational Resilience reporting
  • Create New Service form
  • Add a business service to Operational Resilience reporting
  • Create New Business Service form
  • Add a service offering to Operational Resilience reporting
  • Create New Offering form
  • Add a business process to Operational Resilience reporting
  • Create New Business Process form
  • Verify the Main node configurations and relationships
  • Execute the scheduled jobs
  • Configure an end-to-end workflow for the business service
  • Configure an end-to-end workflow for the service
  • Managing Operational vulnerability
  • Operational vulnerability
  • Reporting Operational vulnerability
  • Report an operational vulnerability from the Employee Center
  • Report operational vulnerability form
  • Assign the reported vulnerability to an analyst
  • Report an operational vulnerability from the module
  • Create New Operational vulnerability form
  • Report an operational vulnerability from the Importance assessment
  • Report an operational vulnerability from the Scenario analysis
  • Report an operational vulnerability from the Self-attestation module
  • Report an operational vulnerability from the Service record
  • Add primary origin
  • Primary origin form
  • Add impacted area
  • Impacted area form
  • Update the state of the operational vulnerability
  • Creating an action task for the operational vulnerability
  • Manage an assessment-type action task
  • Create New Action task form
  • Reassign or accept the assigned action task
  • Perform an assessment on the action task
  • Manage an investigation-type action task
  • Request an approval for the action task
  • Decide the treatment and perform a root cause analysis
  • Add or create an issue for the operational vulnerability
  • Request an approval
  • Approve the operational vulnerability
  • Close the operational vulnerability
  • Maintaining Digital resilience third-party registers
  • Exploring Digital resilience third-party registers
  • Use cases for updating the information registers
  • Configuring Digital resilience third-party registers
  • Creating and reviewing the records
  • Create records in bulk
  • Update existing records in bulk
  • Display the help tips on the forms
  • Using Digital resilience third-party registers
  • Create a legal entity and enhance digital resilience data
  • Create New Company form
  • Create New Legal entity form
  • Create a branch and enhance digital resilience data
  • Create New Branch form
  • Create a function and enhance digital resilience data
  • Create New Function form
  • Create a third party and enhance digital resilience data
  • Create New Company form
  • Create New ICT third-party service provider form
  • Create a contract and enhance digital resilience data
  • Create New Contract form
  • Create New Contractual arrangement form
  • Create a supply chain and enhance digital resilience data
  • Create New ICT service supply chain form
  • Create an assessment and enhance digital resilience data
  • Create New Assessment of the ICT service
  • Create Microsoft Excel upload and download request
  • Create New Excel download/upload request form
  • Digital resilience incident reporting in Operational Resilience
  • Exploring Digital resilience incident reporting
  • Configuring the conditions to auto-trigger incident reporting
  • Using Digital resilience incident reporting
  • Reporting incidents from SOW and SIR Workspace in DRIR
  • Report a major incident from Incident Management
  • Report a major incident from Security Incident Response
  • Report a major incident manually
  • Create New Digital Resilience Incident form
  • Creating or adding an issue
  • Create New Issue form
  • Landing page and dashboard views
  • Resilience metrics
  • Business services overview tab
  • Services overview tab
  • Pillars overview tab
  • Task page and List view
  • Operational Resilience reference
  • Properties installed with Operational Resilience
  • Roles installed with Operational Resilience
  • Scheduled jobs installed with Operational Resilience
  • Script includes installed with Operational Resilience
  • Tables installed with Operational Resilience
  • Tables relevant to CSDM
  • Tables relevant to Operational vulnerability
  • Digital resilience third-party registers reference
  • Roles installed with Digital resilience third-party registers
  • Tables installed with Digital resilience third-party registers
  • Digital resilience incident reporting reference
  • Roles installed with Digital resilience incident reporting
  • Script includes installed with Digital resilience incident reporting
  • Tables installed with Digital resilience incident reporting
  • Applications provided with IRM Pro and BCM Pro SKUs
  • Policy and Compliance Management
  • Exploring Policy and Compliance Management
  • Structural overview of Policy and Compliance Management
  • An overview of policy life cycle in Policy and Compliance Management
  • Implementing Policy and Compliance Management
  • Implement setup checklist for the GRC: Policy and Compliance Management application
  • Download GRC: Policy and Compliance Management
  • Quick start tests for Policy and Compliance Management
  • Perform Policy and Compliance Management administration
  • Assign Policy and Compliance Management roles to your users
  • Set Policy and Compliance Management properties
  • Policy and Compliance Management mandatory setup
  • Create a policy
  • Create a control objective
  • Relate a control objective to a policy
  • Create a control attestation using the Attestation Designer
  • Create a control indicator
  • Policy and Compliance Management enhancement steps
  • Create a GRC article template
  • Create or deactivate a citation
  • Set notification properties
  • Set up GRC Virtual Agent for requesting an exception to a policy or a control objective
  • Allow policy exception requests from other applications
  • Configure policy exceptions from other applications
  • Register other applications to request policy exceptions
  • Define policy exception reason choices
  • Define policy categories
  • Create an exception questionnaire
  • Define policy exception verification rules
  • Define policy exception approval rules
  • Using the Classic user interface for Policy and Compliance tasks
  • Manage policies and control objectives
  • Create a policy
  • Approve and publish a policy
  • Acknowledge a policy
  • Retire a policy
  • Create a GRC article template
  • Create a control objective
  • Deactivate a control objective
  • Relate a control objective to a policy
  • Relate a control objective to a citation
  • Create or deactivate a citation
  • Create an authority document
  • Deactivate an authority document
  • Manage policy exceptions and extensions
  • Request a policy exception
  • Request an extension
  • Review the policy exception and extension request
  • Request a policy exception through Service Portal
  • Request a policy extension through Service Portal
  • Policy Exception Integration with Vulnerability Response
  • Manage issues in Policy and Compliance Management
  • Manually create GRC issues
  • Group similar issues under a new parent issue
  • Group similar issues under an existing parent issue
  • User hierarchy access control for issue and remediation task records
  • Report self-identified issues via the Service Portal
  • Triage a self-identified issue
  • Remediate an issue in Policy and Compliance Management
  • Manage the UCF integration
  • Activate Compliance UCF
  • Configure the UCF integration using a UCF-supplied API key
  • Configure the UCF integration using the UCF Common Controls Hub
  • Integrate with UCF Common Controls Hub to manage compliance frameworks
  • Create a Now Support Case for UCF-CCH account integration information
  • Download a UCF shared list
  • Elimination of duplicate citations from UCF Shared list download
  • Manage controls
  • Create a control
  • Follow a control
  • Attest a control
  • Multiple controls for a unique entity–control objective combination
  • Manage control attestations
  • Manage control indicators
  • Monitor controls using GRC Performance Analytics Indicators
  • Manage evidence requests
  • Evidence request workflow and users
  • Request evidence during audits
  • Reuse existing evidence from the related items of an engagement
  • Provide requested evidence
  • Approve evidence before evidence review
  • Accept, reject, or cancel evidence request
  • Review related evidence
  • Managing GRC tasks from Employee Center
  • Report a GRC issue from Employee Center
  • Create a policy exception from Employee Center
  • Complete control assessments from the Employee Center portal
  • Policy knowledge base and quick links in the Employee Center portal
  • Group assessments for similar assessments in Employee Center
  • Performing compliance tasks in Compliance Workspace
  • GRC Compliance Workspace
  • Compliance Home page for the compliance manager
  • Compliance Home page for the compliance analyst
  • Compliance Home page for the IT compliance manager
  • Configuring GRC Compliance Workspace
  • Configuration steps to filter IT-related data for IT Compliance Home page
  • Using the Compliance Workspace
  • Manage control objectives and policies using the Compliance Workspace
  • Create a policy using the Compliance Workspace
  • Manage compliance of a policy from the overview page
  • Approve and publish a policy using the Compliance Workspace
  • Acknowledge a policy using the Compliance Workspace
  • Set up a policy acknowledgement campaign using the Compliance Workspace
  • Create an audience using the Compliance Workspace
  • Submit an acknowledgement request using the Compliance Workspace
  • Respond to an acknowledgement request using the Compliance Workspace
  • Retire a policy using the Compliance Workspace
  • Create a GRC article template
  • Create a control objective using the Compliance Workspace
  • Manage a control objective from the overview page
  • Control assessment based on GRC attestation template
  • Respond to attestations from the Employee Center
  • Respond to attestations on the Risk Portal
  • Respond to attestations from Tasks page of Compliance Workspace
  • User interface changes for assessments based on GRC attestation
  • Grouping assessments for control attestations
  • Combine assessments for control attestations
  • Perform CRI tiering questionnaire to determine the tier value of entity
  • Perform CRI profile assessment per CRI guidelines using control assessment engine
  • Deactivate a control objective using the Compliance Workspace
  • Relate a control objective to a policy using the Compliance Workspace
  • Relate a control objective to a citation using the Compliance Workspace
  • Create a citation using the Compliance Workspace
  • Create an authority document using the Compliance Workspace
  • Deactivate an authority document using the Compliance Workspace
  • Manage policy exceptions and extensions using the Compliance Workspace
  • Request a policy exception using the Compliance Workspace
  • Manage policy exception from the overview page
  • Review the policy exception and extension request using the Compliance Workspace
  • Assess risks of policy exception using advanced risk assessments
  • Set up advanced risk assessments for policy exception
  • Manage issues using the Compliance Workspace
  • Manually create GRC issues using the Compliance Workspace
  • Compliance Workspace issue form details
  • Group similar issues under a new parent issue using the Compliance Workspace
  • Group similar issues under an existing parent issue using the Compliance Workspace
  • Linking issues to multiple objects using Many-to-many table relationship
  • Triage a self-identified issue using the Compliance Workspace
  • Remediate an issue using the Compliance Workspace
  • Manage controls using the Compliance Workspace
  • Create a control using the Compliance Workspace
  • Linking automatically generated issues to a control in Many-to-many relationship
  • Testing common control and implementing results on multiple reliant entities
  • Convert standard control to common control and add reliant entities
  • Impact of common control on compliance score calculation
  • Entity enhancements to support common controls
  • Group assessments for similar assessments in the Tasks page
  • Compliance score calculation of an entity
  • Set up the steps required for entity compliance score calculation
  • Determining the logic in calculating compliance score
  • Manage control indicators using the Compliance Workspace
  • Create a control indicator using the Compliance Workspace
  • Create a GRC indicator template using the Compliance Workspace
  • Performance enhancements for Indicator nightly job
  • Manage evidence requests using the Compliance Workspace
  • Request evidence during audits using the Compliance Workspace
  • Provide requested evidence using the Compliance Workspace
  • Approve evidence before evidence review using the Compliance Workspace
  • Accept, reject, or cancel an evidence request using the Compliance Workspace
  • Review related evidence using the Compliance Workspace
  • Policy authoring and redlining in Compliance Workspace
  • Import policy text for redlining
  • Pre-requisites to enable policy redlining feature
  • Creating and associating policy texts from Cloud documents
  • Create and associate a policy text document in Microsoft OneDrive and Google Drive
  • Connect an existing document in Microsoft OneDrive to policy
  • Connect an existing document from Google Drive to policy
  • Create and associate a policy document in Microsoft SharePoint
  • Connect an existing document in Microsoft SharePoint
  • Sync document and view policy text
  • Provide document access to policy users
  • Complete publishing checklist and request policy approval
  • View the history of a redlining-enabled policy
  • Set up dynamic approval configuration on a policy record
  • Configure dynamic approval configuration on a policy
  • Configure dynamic approval configuration on a policy with redlining enabled
  • 360° Relationship Visualization for Policy and Compliance Management
  • Policy as Code Engine for Preventive compliance management
  • Configure compliance data source registry
  • Associate an item in application table to a control objective
  • GRC: Policy and Compliance integrator
  • Workflow for GRC: Policy and Compliance integrator
  • Using the GRC: Policy and Compliance integrator to display batch records and import tasks
  • Accessing the batch records in the content integration batch table
  • Assign a library import task for approval
  • Approve the library import task
  • DevOps accelerator for control compliance, PaCE execution, and exception management
  • Manage continuous monitoring for controls between Configuration Compliance and Policy and Compliance Management
  • Managing mobile experience for GRC Policy and Compliance
  • Setup checklist for the GRC Mobile application
  • Log in to the GRC Mobile application
  • Process pending Policy and Compliance Management approval requests with the GRC Mobile application
  • Process pending approvals for Policy exceptions with the GRC Mobile application
  • Assign Policy and Compliance Management indicator tasks with the GRC Mobile application
  • Assign Policy and Compliance Management issues with the GRC Mobile application
  • Assign Policy and Compliance Management remediation tasks with the GRC Mobile application
  • Reassign overdue Policy and Compliance Management attestations with the GRC Mobile application
  • Reassign overdue Policy and Compliance Management issues with the GRC Mobile application
  • Filter records with the GRC Mobile application
  • Analytics and Reporting solutions for GRC: Policy and Compliance Management
  • Compliance Overview Performance Analytics dashboard
  • Policy Overview Performance Analytics dashboard
  • Policy Exception Overview Performance Analytics dashboard
  • Policy Acknowledgement dashboard
  • My Attestation Overview dashboard
  • GRC Attestation Overview dashboard
  • NIST Cybersecurity Framework Overview dashboard
  • NIST Framework Profiling Overview dashboard
  • Application Risk and Compliance Overview dashboard
  • Policy and Compliance Management reference
  • Components installed with Policy and Compliance Management
  • Domain separation in GRC: Policy and Compliance Management
  • Privacy Management
  • Exploring Privacy Management
  • Processing activities
  • Processing activity hierarchy
  • Privacy assessments
  • Information objects in Privacy Management
  • Privacy Workspace for the privacy manager
  • Privacy Workspace for the privacy analyst
  • Privacy Management solution overview
  • Risk assessments in Privacy Management
  • Privacy assessment configurations
  • Configuring Privacy Management
  • Download Privacy Management
  • Manage the Privacy Management library
  • Tag an information object with personal information
  • Create a privacy assessment
  • Write a processing activity script
  • Map a control objective to a question response
  • Map an information object to a question response
  • Map a risk statement to a question response
  • Map the processing activity fields to a question response
  • Create and validate an assessment configuration
  • Map a table with a processing activity
  • Using Privacy Management
  • Entity scoping to plan a privacy program
  • Scope entities to discover processing activities with personal information
  • Types of privacy assessments
  • Initiating privacy assessments for an entity or a processing activity
  • Send a privacy assessment from an entity
  • New privacy assessment creation form
  • Send a privacy assessment to multiple entities
  • Send a privacy assessment from a processing activity
  • Send privacy assessments from multiple processing activities
  • Respond to a privacy assessment
  • Review a privacy assessment
  • Create or update a processing activity
  • Create or manage an information object on a processing activity
  • Modify an information object on a processing activity
  • Add key stakeholders and send privacy assessments
  • Add a regulatory agency
  • Regulatory agency form
  • Create a data lineage for a processing activity
  • Create or manage a control on a processing activity
  • Delete a control from a processing activity
  • Create or manage risks on a processing activity
  • Create or add issues on a processing activity
  • Assign a processing activity to a key stakeholder
  • Integrating Employee Center and Risk portal with Privacy Management
  • Privacy Case Management
  • Exploring Privacy Case Management
  • Privacy Case Management home page
  • Privacy Case overview page
  • Privacy Case Management workflow
  • Privacy breach assessment
  • Overview page of a breach assessment
  • States of a privacy breach assessment
  • Elements of a privacy breach assessment
  • Configuring Privacy Case Management
  • Install Privacy Case Management
  • Create a view rule
  • View rule form
  • Create an assignment rule
  • Assignment rule form
  • Create state model transition
  • Define the workflow states for a privacy case
  • Define the model state transitions for a privacy case
  • GRC model state transition condition form
  • Create a privacy case assessment template
  • Assessment metric type form
  • Configuring privacy breach assessment
  • Create a breach factor type
  • Create breach factors
  • Create a PI data element type
  • Create PI data elements
  • Create a region
  • Create a jurisdiction for a region
  • Using Privacy Case Management
  • Reporting a privacy case
  • Report a privacy case from the Employee Center
  • Employee Center privacy case creation form
  • Create a privacy case in the Privacy Workspace
  • Privacy new case form
  • Initiate a breach assessment from a case
  • Work on a privacy breach assessment
  • Case task workflow
  • Create a case task
  • Case task form
  • Work on a case task
  • Reassign an assessment type case task
  • Review and close a case task
  • Add an impacted area to a privacy case
  • Add key stakeholders to a privacy case
  • Add PI information objects to a privacy case
  • Add a related area to a privacy case
  • Add causes and consequences to a privacy case
  • Cause and consequence form
  • Add a privacy regulation related to a case
  • Add or create an issue for a privacy case
  • Export a privacy case as a PDF
  • Send an email from a privacy case
  • Privacy Case Management integration for RadarFirst
  • Privacy Case Management reference information
  • Components installed with Privacy Case Management
  • Personal Data Rights
  • Exploring Personal Data Rights
  • Configuring Personal Data Rights
  • Configuring Personal Data Rights request type
  • Personal Data Rights request type form
  • Create an action task template
  • Create a data registry
  • Generate action tasks for a personal data rights request
  • Using Personal Data Rights
  • Create a Personal Data Rights request
  • Personal data rights request form
  • Add action tasks to a Personal Data Rights request
  • New action task form
  • Accept and work on a Personal Data Rights task
  • Personal Data Rights reference
  • Privacy Management reference
  • Tables installed with Privacy Management
  • Roles installed with Privacy Management
  • Privacy Management email notifications
  • Uses of a processing activity in Privacy Management
  • Workflow of a processing activity
  • Domain separation in Privacy Management
  • Reporting for Privacy Management
  • Privacy Management home page
  • Processing activity overview page
  • Regulatory Change Management
  • Exploring Regulatory Change Management application
  • User roles in Regulatory Change Management
  • Download and install Regulatory Change Management
  • Regulatory Change Management workflow
  • Regulatory process flow and tasks
  • Setup checklist for Regulatory Change Management
  • Regulatory Change Management application in the Compliance Workspace
  • Regulatory Change Management application landing page
  • Regulatory alerts
  • Regulatory event alerts view
  • Source document alerts view
  • Regulatory tasks in Compliance Workspace
  • Assign the regulatory event alert to a coordinator
  • Create the regulatory event alerts manually
  • Import the regulatory event alerts in bulk
  • Assess the impact of a regulatory event alert
  • Manage the regulatory change tasks
  • Assign the source document alert to a coordinator
  • Manage the source document import task
  • Create a new action task for the alert
  • Complete the action task associated with the alert
  • Create or add an issue related to a regulatory task
  • Create New Issue form
  • Manage the taxonomy
  • Regulatory Change Management classic user interface
  • Regulatory alerts
  • Types of alerts, user roles, and states of regulatory alerts
  • Perform actions on regulatory alerts
  • Manage and assign regulatory event alerts
  • Manage and assign source document alerts
  • Impact assessments for the regulatory event alerts
  • Assess the impact of a regulatory alert
  • Impact radius calculation and approval
  • Regulatory change tasks
  • Users and associated actions for the regulatory change tasks
  • Manage the regulatory change tasks
  • Source document import tasks
  • Users, associated actions, and states for the source document import tasks
  • Manage the source document import tasks
  • Action tasks in Regulatory Change Management
  • Create an action task
  • Map the taxonomy
  • Create an issue related to the regulatory tasks
  • Administration module
  • Configure a provider taxonomy configuration record
  • Configure an entity class
  • Set up the RSS feeds
  • Respond to a regulatory assessment
  • Respond to a regulatory alert risk assessment
  • Regulatory Change Management dashboard
  • Risk Management
  • Exploring Risk Management
  • GRC Risk Workspace
  • Risk Workspace for the operational risk manager
  • Risk Workspace for the business operational risk manager
  • Risk Workspace for the IT risk manager
  • User experience enhancements in the Risk Workspace
  • GRC Risk Portal
  • Advanced Risk Assessments in the Risk Workspace
  • Advanced Risk Assessment
  • Workflow of Advanced Risk Assessment
  • Factors in Advanced Risk Assessment
  • Types of risk rating methodologies
  • Transformation criteria
  • Any object assessment using Advanced Risk Assessment
  • Delegation of risk assessment
  • Understanding the risk assessment instance
  • Managing risk responses
  • Risk score rollup in Advanced Risk Assessment
  • Privacy risk management
  • Risk score rollup in Privacy Management
  • Manage risk assessment scheduler
  • Integration of advanced risk assessments with risks and controls
  • Risk appetite and tolerance in Advanced Risk
  • Target risk assessment in Advanced Risk
  • Manage risk events
  • Business process management
  • Exploring the entities
  • Entities in GRC
  • Entity types in GRC
  • Entity classes in GRC
  • Entity tiers in GRC
  • Manage risks, risk statements, and risk frameworks
  • Workflow of a risk using Advanced Risk
  • Manage risks linked to the same risk statement
  • Risk hierarchy and scoring
  • Association of entities at any level of a risk statement
  • Manage classic risk assessments
  • Risk indicators, control indicators, and indicator templates
  • Manage risk issues and remediation
  • Configuring Risk Management
  • Risk Management implementation
  • Download Risk Management
  • Install Risk Management
  • Setup checklist for the Risk Management application
  • Setup checklist for GRC Advanced Risk
  • Download Advanced Risk
  • Risk Management detailed setup
  • Quick start tests for GRC Advanced Risk
  • Configure Risk Management
  • Risk Management Administration
  • Quick start tests for Risk Management
  • Set up checklist for the GRC Mobile application
  • Risk appetite setup
  • Configure a risk appetite and tolerance in Advanced Risk
  • Set up a risk appetite scale
  • Change a risk appetite status
  • Modify Advanced Risk messages
  • Create related list groupings in Advanced Risk
  • Integrating Risk Management with other applications
  • Project Risk Assessment using Advanced Risk Assessment
  • Workflow of project risk assessment
  • Configure Project Portfolio Management and Advanced Risk integration
  • Assign project risks to stakeholders for assessment
  • Assess project risks using Advanced Risk Assessment
  • Elevate a project risk to enterprise risk
  • Application risk assessment using Advanced Risk Assessment
  • Workflow of risk identification for business applications
  • Set up risk identification integration
  • Respond to an application questionnaire
  • Review responses and perform inherent risk assessment
  • Associate risks, citations, policies, and controls with a risk identification record
  • Recommendation engine for risk and compliance mapping
  • Information objects
  • Integration of advanced risk assessment with other applications
  • Integration of Employee Center and GRC
  • Manage continuous monitoring for risks between Risk Management and Vulnerability Response
  • Integrating Microsoft 365 with Management Reporting of Risk
  • Workflow of Management Reporting of Risk
  • Install the ServiceNow Reporting add-in for risk reporting
  • Set up Microsoft 365 reporting configuration in risk
  • Configure a business domain role in Management Reporting of Risk
  • Add additional reporting configuration filters for a Microsoft 365 configuration record in risk
  • Add the ServiceNow Reporting add-in into Microsoft Word
  • Import risk data in to a Microsoft Word
  • Using Risk Management
  • Mobile experience for GRC Risk Management
  • Log in to the GRC Mobile application
  • Process pending Risk acceptance tasks with the GRC Mobile application
  • Assign Risk Management indicator tasks with the GRC Mobile application
  • Assign Risk Management issues with the GRC Mobile application
  • Assign Risk Management remediation tasks with the GRC Mobile application
  • Reassign overdue Risk Management assessments with the GRC Mobile application
  • Reassign overdue Risk Management issues with the GRC Mobile application
  • Filter records with the GRC Mobile application
  • Use Risk Events
  • Configure risk event integration
  • Create a risk event response template
  • Define a threshold amount for the risk event response template
  • Report risk events from the Service Portal
  • Report a risk event from Employee Center
  • Report a risk event from an incident
  • Create a risk event task
  • Analyze a risk event
  • Create a risk event entry
  • Approve a risk event
  • Close a risk event
  • Reopen a closed risk event
  • Add a risk event cause to the cause library
  • Add a risk event consequence to the consequence library
  • Set up GRC Virtual Agent to report risk events
  • Perform Advanced Risk Assessment
  • Create a manual factor
  • Create a group factor
  • Scoring logic for predefined formulas for group factors
  • Create an automated factor
  • Create a scripted automated factor
  • Copy a factor
  • Configure a risk assessment methodology
  • Risk Assessment Methodology form
  • Copy a risk assessment methodology
  • Retire a risk assessment methodology
  • Configure an inherent assessment
  • Inherent Assessment form
  • Configure a control effectiveness assessment
  • Control Assessment form
  • Configure a residual assessment
  • Residual Assessment form
  • Configure a target assessment
  • Target assessment form
  • Create risk color styles
  • Configure risk heatmaps
  • Create a risk assessment scope and initiate assessments
  • Simulate a risk assessment
  • Assess risks and objects on an assessment instance
  • Assess risks
  • Create a risk assessment using the Risk Assessment Designer
  • Create an assessment type
  • Assess risk for a policy exception
  • Assess a risk
  • Manage a business process
  • Create a business process
  • Approve, reject, or delete a business process
  • Create a risk framework and associate risk statements to it
  • Define risk statement hierarchy
  • Create a risk statement
  • Visualize risk hierarchies using the GRC: Workbench
  • Generate a risk from a risk framework
  • Generate a risk from a risk statement
  • Relate risks to each other
  • Create a risk manually
  • Follow a risk
  • Add a control to a risk
  • Manually create GRC issues
  • Report issues from the Service Portal
  • Issue assignment using the Governance, Risk, and Compliance Predictive Intelligence plugin
  • Train and use the similarity solution definition for issue assignment prediction
  • Use entity and risk dependencies using the GRC: Workbench
  • Activate GRC: Workbench
  • Create entity class using the GRC: Workbench
  • Create relationships between entity classes using the GRC: Workbench
  • Associate a risk framework or risk statement with an entity type to generate risks
  • Visualize and edit entity dependencies using the GRC: Workbench
  • Delete entity dependencies using the GRC: Workbench
  • Delete an entity class using the GRC: Workbench
  • Create a risk using the GRC: Workbench
  • Visualize and edit risk dependencies using the GRC: Workbench
  • Delete risk dependencies using the GRC: Workbench
  • Monitor risks using GRC Performance Analytics Indicators
  • Activate GRC: Performance Analytics Integration
  • Associate a PA indicator with a risk statement or control objective
  • Associate a PA indicator with risks and controls
  • Update associated GRC indicators for a set of items
  • Create a GRC indicator template
  • Create a risk indicator
  • View the Risk Overview
  • Using the Risk Workspace
  • Create a risk framework in the Risk Workspace
  • Create a risk statement in the Risk Workspace
  • Associate a risk statement with a control objective in the Risk Workspace
  • Common controls in Risk Management
  • Create and run a manual risk indicator in the Risk Workspace
  • Create and run a basic risk indicator in the Risk Workspace
  • Create and run a scripted risk indicator in the Risk Workspace
  • Issue management in the Risk Workspace
  • Create a risk assessment scope in the Risk Workspace
  • Schedule risk assessments in the Risk Workspace
  • Perform advanced risk assessment in the Risk Workspace
  • Perform any object assessment in the Risk Workspace
  • Workflow of risk response task
  • Workflow of action item in risk response task
  • Create a risk response task in the Risk Workspace
  • Create an action item in the risk response task
  • Create New Action Item form
  • Workflow for risk identification in the Risk Workspace
  • Create a risk event in the Risk Workspace
  • Associate similar risk events
  • Categorizing risks with the Governance, Risk, and Compliance: Predictive Intelligence plugin
  • Analyze a risk event in the Risk Workspace
  • Create a risk event entry in the Risk Workspace
  • Create an ORX external event
  • Report a risk event from the Risk Portal
  • Chart colors for risk data
  • Create a business process in the Risk Workspace
  • Add related assets to a business process
  • Create a test plan in Risk Workspace
  • Filter data in the risk heatmap workbench
  • Define the risk appetite for an entity
  • Risk appetite fields on the Entity form
  • Define the risk appetite for a risk
  • Risk appetite fields on the Risk form
  • Define the risk appetite for a risk statement
  • Risk appetite fields on the Risk Statement form
  • Parallel Review and Feedback in Advanced Risk
  • Parallel Review and Feedback workflow
  • Feedback dashboard
  • Configure a feedback integration
  • Feedback integration configuration form
  • Create feedback in Advanced Risk
  • Create feedback in the Risk Workspace
  • Create New Feedback form
  • Create Feedback from the record side panel
  • Feedback Details form
  • Initiate a chat from Sidebar in Parallel Review and Feedback
  • Respond to the feedback
  • Review and close the feedback
  • Roles for Parallel Review and Feedback
  • Risk assessment project
  • Workflow of risk assessment project
  • Create a risk assessment project
  • Perform assessment on a risk assessment project
  • Reassess a risk assessment project
  • Reassign assessor for a risk assessment project
  • GRC: Metrics in Integrated Risk Management
  • Exploring GRC: Metrics
  • Components of GRC: Metrics
  • Metric definition types
  • Thresholds in Integrated Risk Management
  • Metric data table
  • Configuring metrics
  • Create a manual metric definition
  • Manual metric definition fields
  • Create an assignment configuration
  • Create an automated metric definition
  • Automated metric definition fields
  • Create a calculated metric definition
  • Calculated metric definition form
  • Formula building in a calculated metric definition
  • Configure the formula builder
  • Create a formula
  • Update a metric definition
  • Create a metric
  • Create a metric unit
  • Create a unit family
  • Convert metric data to a different unit
  • Update a metric
  • Update a manually created metric
  • Create a threshold for a metric definition
  • Using GRC: Metrics to provide data
  • Provide data for a metric data task
  • Provide responses for multiple metrics
  • Review a metric data task
  • Override metric data task response
  • Override metric data
  • Reviewing calculation details with formula trees
  • View the calculation breakdown in a formula tree
  • GRC: Metrics reference
  • Components installed with the GRC: Metrics application
  • Analytics and reporting solutions for Risk Management
  • Operational risk heatmap for Advanced Risk Assessment in the Risk Workspace
  • Risk heatmap for classic risk assessment
  • Risk heatmap workbench
  • Operational Risk Management dashboard
  • GRC Advanced Risk plugin indicators
  • GRC Audit Management plugin indicators
  • GRC Policy and Compliance Management plugin indicators
  • GRC Risk Management plugin Performance Analytics indicators
  • GRC Profiles plugin indicators
  • Risk register in the Risk Workspace
  • Project Risk Overview dashboard
  • Risk Identification Overview dashboard
  • Basel dashboard
  • GRC Risk Overview dashboard
  • Advanced Governance, Risk, and Compliance Application Risk dashboard
  • Performance Analytics dashboards for risk events and risk hierarchy
  • Advanced risk assessment dashboard
  • Risk Management reference
  • Components installed with Risk Management
  • Roles installed with Risk Management
  • Roles installed with the GRC Risk Workspace
  • Properties installed with Risk Management
  • Tables installed with Risk Management
  • Components installed with Advanced Risk
  • Tables installed with Advanced Risk
  • Roles for performing advanced risk assessment
  • Properties installed with Advanced Risk
  • Business process roles
  • Domain separation in Risk Management
  • Smart Assessment Engine
  • Exploring Smart Assessment Engine
  • Accessing templates in the Assessment Workspace
  • Configuring Smart Assessment Engine
  • Using the template designer
  • Create an assessment template
  • Add instructions and questions to an assessment template
  • Create a text question
  • Create a drop-down list question
  • Create a radio button question
  • Create a check box question
  • Create a number question
  • Create a reference question
  • Create an attachment question
  • Create a date question
  • Add reference information to an assessment template
  • Create an assessment template category
  • Copy an assessment template
  • Scoring in assessments
  • Configure scoring for an assessment
  • Creating an assessment template from legacy assessment metric types
  • Migrate a legacy metric type to an assessment template
  • Triggering assessments
  • Configure the Trigger Smart Assessment Flow action
  • Trigger assessments from a script
  • Responding to assessments
  • Respond to an assessment
  • Combine assessments
  • Combine your assessments into a single submission
  • Automate response
  • Configure an automatic response for a question
  • Smart Assessment Engine reference
  • Roles in Smart Assessment Engine
  • Flow actions for fulfillment subflow definitions
  • Settings in the Test action pop-up window
  • Trigger Smart Assessment action form
  • How legacy metric types are migrated to sections in templates
  • Results of migrating a metric category to an assessment template
  • Third-party Risk Management
  • Exploring Third-party Risk Management
  • Risk profile
  • Why you conduct due diligence
  • Types of due diligence
  • Why you might have several engagements with a single third party
  • Types of engagement with third parties
  • Regulations that affect third-party risk
  • Benefits of your third-party risk management program
  • Example — Onboarding a third party
  • Due diligence workflow
  • Configuring Third-party Risk Management
  • Assign TPRM roles to users and user groups
  • Add users to groups based on responsibilities
  • Convert risk tier assessments to IRQ assessments
  • Configure TPRM properties
  • Enable the TPRM Risk concentration map
  • Enable email with third-party contacts
  • Import existing data from other systems
  • Run the Quick Start tests for Third-party Risk Management
  • Assessment configuration
  • Set up risk rating scales for scoring
  • Define a third-party risk domain
  • Define third-party risk area criteria
  • Define component criteria
  • Define third-party risk scoring rules
  • Define engagement risk scoring rules
  • Event-driven management — automate assessment processes
  • View the run history for event-driven management rules
  • View the assessments generated by event-driven management rules
  • Recall event-driven questionnaires and doc requests
  • Normalize the scores for metrics
  • Set up and maintain a question bank
  • Define a question
  • View the sample questions in the base system
  • Create an assessment template
  • Configure a risk assessment to recur on a schedule
  • Import a questionnaire from a spreadsheet
  • Create a questionnaire or document request template
  • Create a questionnaire or document request template using the Designer
  • Create an issue generation rule
  • Set up internal questionnaire responses to automatically attach external questionnaires to assessments
  • Requesting third-party risk due diligence
  • Request due diligence for a third-party engagement
  • Offboarding an engagement without conducting due diligence
  • Assessing your third-party risk
  • Respond to an IRQ
  • Create an external assessment
  • Respond to a questionnaire for a third party or engagement
  • Review responses to external questionnaires
  • Reopen an assessment
  • Create an issue for a third party or engagement
  • Manage issues
  • Create a task for a third party or engagement
  • Manage a task for a third party or engagement
  • Export questionnaire responses to a spreadsheet
  • Monitoring your third-party risk
  • Get an overview of a third party
  • Viewing summarized risk information for a third party
  • Viewing general information on a third party
  • Viewing information about third-party subsidiaries
  • Viewing information on fourth parties
  • Viewing risk intelligence scores
  • Get an overview of an engagement
  • Viewing summarized risk information for an engagement
  • Viewing third-party risk reports
  • TPRM Home page
  • TPRM Due diligence management reports
  • TPRM Risk activity page
  • TPRM Dashboards page
  • TPRM Risk concentration map
  • TPRM Task page
  • TPRM List page
  • Monitoring assessment data using TPRM dashboards
  • Create a TPRM dashboard with the In-line editor
  • Edit TPRM dashboard details
  • Edit TPRM dashboards
  • Edit TPRM dashboard elements
  • Share a TPRM dashboard
  • Delete a TPRM dashboard
  • Monitoring the due diligence request process
  • Monitoring your fourth-nth parties
  • Register a fourth-nth party
  • Create a fourth-nth party record
  • Promote a fourth-nth party to a third party
  • Monitoring third-party elements
  • Create a third-party element record
  • Add a third-party element record to an engagement
  • Tracking a managed activity
  • Approving or rejecting requests for due diligence
  • Set up the approval levels for due diligence requests
  • Set up the approval rules for due diligence requests
  • Managing the contract risk process
  • Accessing DD requests that are in the contract risk process
  • Working in the VRM Classic user interface
  • Create a third party record—Legacy process
  • Setting up third-party hierarchies and engagements—Legacy process
  • Define an engagement — Legacy process
  • Third-party risk tiering assessments — Legacy process
  • Create and start a tiering assessment — Legacy process
  • Review tiering assessment responses — Legacy process
  • Create an automated risk assessment when the assigned risk tier changes—Legacy process
  • Managing external risk assessments — Legacy process
  • Create an external assessment — Legacy process
  • Using digital resilience third-party registers
  • Create a legal entity and enhance digital resilience data
  • Create New Company form
  • Create New Legal entity form
  • Create a branch and enhance digital resilience data
  • Create New Branch form
  • Create a function and enhance digital resilience data
  • Create New Function form
  • Create a third party and enhance digital resilience data
  • Create New Company form
  • Create New ICT third-party service provider form
  • Create a third-party engagement and enhance digital resilience data
  • Create New Third-party engagement form
  • Add Digital resilience information to third-party engagements
  • Create a contract and enhance digital resilience data
  • Create New Contract form
  • Create New Contractual arrangement form
  • Create New Entity making use of the ICT services form
  • Create a supply chain and enhance digital resilience data
  • Create New ICT service supply chain form
  • Create an assessment and enhance digital resilience data
  • Create New Assessment of the ICT service
  • Create a Microsoft Excel download request
  • Create New Excel download/upload request form
  • Create records in bulk
  • Update existing records in bulk
  • Managing the Third-party portal
  • Set up third-party contacts
  • Manage the access for your third-party contacts
  • E-signatures on questionnaires or document requests
  • TPRM and the Explicit Roles plugin
  • Using a Microsoft Excel spreadsheet template for external questionnaires
  • Third-party contacts — Respond using a Microsoft Excel template
  • Using the SIG questionnaire for a risk assessment
  • Third-party contacts — Respond using the SIG
  • Using risk intelligence reports and scores
  • Request a risk intelligence report
  • Request a risk intelligence report associated with a due diligence request
  • Track sanctions-related information
  • Integrating scores from risk intelligence providers
  • Register a risk intelligence provider
  • Set up a risk intelligence provider service
  • Set up a request type for a provider
  • Add a risk intelligence score to risk data for a third party
  • Automate actions upon risk intelligence updates
  • Integrating EcoVadis with Third-party Risk Management
  • Create an EcoVadis connection and configuration
  • Customize system properties for EcoVadis integration
  • Fetch and view EcoVadis scores
  • Integrating Third-party Risk Management with GRC: Policy and Compliance Management
  • Manually add a control to a third party or engagement
  • Manually add a control objective to a question
  • Third-party Risk Management reference
  • Terminology
  • Roles in Third-party Risk Management
  • Unique ID numbers for TPRM records
  • Guidelines for importing spreadsheet data
  • Sample questionnaires
  • Due diligence request process management
  • Request third-party risk due diligence request form
  • IRQ process management
  • Third-party (external) risk assessment management
  • Life cycle states of a third-party (external) risk assessment
  • Control objectives form
  • Create new control form
  • Assessment metric type form
  • Create New assessment template form
  • Third-party risk assessment form
  • Third-party element form
  • Approval process management
  • Approval rule form
  • Risk intelligence report requests management
  • Risk intelligence provider integrations
  • Risk intelligence report request form
  • Third-party risk ratings and scoring calculations
  • Verifying risk ratings and scoring calculations
  • Third-party risk management data model
  • Domain separation and Third-party Risk Management
  • Vendor Risk Overview reports — Legacy view
  • Common GRC features
  • Mobile experience for Governance, Risk, and Compliance
  • GRC application nomenclature updates and industry terminology
  • GRC reference
  • Components installed with GRC
  • Tables installed with GRC
  • Common roles in Governance, Risk, and Compliance
  • GRC properties
  • GRC content packs
  • Sarbanes-Oxley (SOX) Content Pack
  • Install the SOX Content Pack
  • Verify the SOX Content Pack in Policy and Compliance Management
  • Verify the SOX Content Pack in Risk Management
  • Verify the SOX Content Pack in Audit Management
  • SOX Content Pack dashboard and reports
  • GRC integrations
  • GRC integration with Thomson Reuters Regulatory Intelligence
  • Install the GRC integration with Thomson Reuters Regulatory Intelligence application
  • Establish an SFTP or REST API connection
  • Modules in the GRC integration with Thomson Reuters Regulatory Intelligence application
  • GRC: integrations with third-party content
  • User roles for the integration process
  • Create a user with the sn_grc_cim.admin role
  • Standardized Information Gathering (SIG) Questionnaire Integration
  • Install the GRC: SIG Questionnaire Integration
  • Verify the SIG Questionnaire Integration in Third-party Risk Management
  • GRC use case accelerators
  • Cyber Risk Institute Accelerator
  • Cybersecurity Controls Accelerator
  • GDPR DPIA Use Case Accelerator
  • Download the GDPR DPIA Use Case Accelerator
  • Components installed with GRC: GDPR DPIA Use Case Accelerator
  • GDPR DPIA Use Case Accelerator module overview
  • Working with data processing activities
  • Working with DPIA risk assessments
  • Working with GDPR DPIA overview dashboards and reports
  • NIST CSF Use Case Accelerator
  • Install the NIST CSF Use Case Accelerator
  • Verify the NIST CSF Use Case Accelerator
  • NIST CSF supporting concepts
  • NIST CSF tables
  • NIST CSF Use Case Accelerator dashboards and reports
  • NIST CSF process overview
  • Identify the framework core
  • Review the framework Core
  • Align and prioritize cybersecurity activities
  • Generate a target for an entity
  • Set up target for NIST CSF framework
  • Orient target
  • Create activity
  • Perform Gap analysis
  • Review action plan
  • NIST RMF Use Case Accelerator
  • Install the NIST RMF Use Case Accelerator
  • Verify the NIST RMF Use Case Accelerator
  • NIST RMF supporting concepts
  • NIST RMF Use Case Accelerator dashboards and reports
  • NIST RMF process overview
  • Categorize targets
  • Generate target from profile or entity type
  • Set up a target for use with NIST RMF
  • Perform preliminary risk assessment and impact analysis
  • Monitor the NIST RMF Categorize Overview
  • Select baseline control definitions
  • Review baseline controls
  • Tailor baseline controls
  • Implement security controls
  • Manage and implement controls
  • Manage and implement control tests
  • Assess controls, risks, issues, and remediation tasks
  • Review and perform control attestations
  • Review and evaluate control effectiveness
  • Manage and address risks
  • Review and perform risk assessments
  • Manage and address issues
  • Manage and address remediation tasks
  • Monitor the NIST RMF Assess dashboard
  • Authorize targets
  • Authorize targets
  • Monitor the NIST RMF Authorize dashboard
  • Monitor security controls
  • Review and manage indicators
  • Monitor the RMF Monitor dashboard
  • Technology Controls Monitoring Accelerator
  • Download the Technology Controls Monitoring Accelerator
  • Ensure that all the appropriate indicator templates are activated
  • View your operational status
  • View the Cybersecurity Controls module
  • Using indicator templates
  • Indicator templates for controls
  • 360° Relationship Visualization
  • Download and activate the GRC: 360° Relationship Visualization and Data Registry applications
  • Setting up the 360º views
  • Exploring the 360º view
  • Using the item generation process to generate controls and risks
  • Components installed with the item generation process
  • Operational changes in item generation of common controls
  • Using Approver Configurator for setting Up approvals
  • Set up an approval configuration record
  • Approval Configuration New Record
  • Assignment Configuration New Record
  • Assign an approval level for the approval configuration record
  • Approval Level New Record form
  • Set up an approval rule for the approval level
  • Approval Rule New Record form
  • Roles installed with GRC: Approver Configurator
  • Confidential records
  • Create a confidential record
  • Configure confidentiality in GRC tables
  • Confidentiality configuration form
  • Configuring confidential inheritance in your tables
  • Create confidentiality inheritance
  • Confidentiality Inheritance Configuration form
  • User hierarchy
  • Create a user hierarchy configuration record
  • User group-based access on the GRC tables
  • Content references in GRC
  • Manage issues
  • Issues in the Workspace
  • Configuring an issue relationship
  • Configure an issue relationship
  • Issue Relationship Configuration form
  • Group issues in the Workspace
  • Domain separation in GRC
  • Create a domain
  • Breadcrumb navigation
  • Taxonomy management in GRC
  • Landing Page Configurations module
  • Tasks Page Configuration module
  • Update the Tasks Page Configuration record
  • Issue Page Configuration module
  • Create a new Issue Page Configuration record
  • Link a new Issue Page Configuration record to a workspace
  • Update an Issue Page Configurations record
  • My tasks in the workspace
  • Monitor my tasks in the Tasks page in the workspace
  • Exploring the entities
  • Entities in GRC
  • Composite entity in Governance, Risk, and Compliance
  • Create a composite entity
  • Create new composite entity form
  • An entity in the workspace view
  • Create an entity
  • Functionality enhancements for the entities
  • Entity scoping in GRC
  • Generate risks and controls from entity types
  • Create independent entities
  • Relate entities to each other
  • Entity classes
  • Create an entity class
  • Update entity classes for multiple entities
  • Scheduled jobs for GRC
  • Entity class rules
  • Create an entity class rule
  • Create an entity class rule filter
  • Entity class rule filter fields
  • Entity types
  • Create an entity type
  • Entity filters
  • Create an entity filter
  • Create an entity filter in the classic user interface
  • Entity tiers
  • Create an entity tier
  • Viewing and updating Governance, Risk, and Compliance exceptions
  • Cybersecurity Executive dashboard for Chief Information Security Officers
  • Advanced Governance, Risk, and Compliance Application Risk dashboard
  • GRC Licensing summary dashboard
  • Displaying the role hierarchy of a user
  • Workspace page configuration
  • Configure workspace page
  • Workspace page configuration form
  • Revert record page templates to the pre-17.x version
  • Record type icons configured for forms in GRC Common Workspace Elements

Download Advanced Risk

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 1 minute to read

    • Before you run Advanced Risk in your instance, you must download it from the ServiceNow Store.

    Before you begin

    Role required: admin

    About this task

    GRC Risk Advanced provides access to the following features:
    • Manage risk events
    • Risk hierarchy and scoring

    Procedure

    Follow the instructions for Download a GRC application from the ServiceNow Store for the first time.
    Back to home page