Operational changes in item generation of common controls
Summarize
Summarized using AI
This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.
Summary of Operational changes in item generation of common controls
This document outlines operational changes in how controls, specifically common controls, are generated and associated with entities within the ServiceNow platform. The main focus is on optimizing control creation and association to avoid unnecessary duplication and streamline testing by leveraging existing controls and their reliant entities.
Show less
Key Concepts
- Control Creation: Controls can either be created anew or existing standard controls can be activated. Creating numerous controls can lead to complexity, so reusing or associating existing common controls with primary and reliant entities is preferred.
- Common Controls: These are created by selecting "Common" in the Function field and converting a standard control to common after selecting a control objective. Common controls allow grouping entities and their reliant entities for efficient management.
- Reliant Entities Association: Reliant entities can be added or removed via related lists within the Control form, either individually or by entity types. This association is prioritized over creating new controls for each entity.
- No Auto-Generation: Common controls are not auto-generated; associations and creations depend on matching control name, entity, and objective.
Operational Prioritization and Logic
- If no reliant association or standard control exists, a standard control or reliant association is created based on the action type (e.g., add content, activate document).
- When user intent is unclear and no standard control exists, the system prefers associating a reliant entity to a common control rather than creating a new standard control.
Item Generation Action Types and Their Effects
New action types define how entities and controls interact, impacting associations and risk or privacy management:
- Add/Remove Entity Types to/from Common Control: Manage many-to-many (m2m) associations between entities and common controls.
- Add/Remove Entity to/from Item: When Risk Management is installed, these actions update risk associations considering reliant entities. Privacy Management also updates processing activity associations accordingly.
- Activate/Deactivate Entity to/from Item: Similar to add/remove, these actions activate or deactivate risk and processing activity associations based on the control's reliant entities.
- Activate/Deactivate Item: Activation adds controls or common items if no duplicates exist, respecting entity reliance and active status. Deactivation removes all associated Control to Entity records and risk associations.
Practical Implications for ServiceNow Customers
- This approach helps avoid control explosion by reusing common controls and associating reliant entities effectively.
- Customers should prioritize associating entities to existing common controls over creating new controls unless necessary.
- Understanding the new action types enables better management of control-to-entity relationships, especially when Risk Management or Privacy Management plugins are installed.
- Ensuring proper control objectives and control names are selected is mandatory for successful conversion and association processes.
Operational changes are made in item generation mainly because item generation either creates a control or activates an existing standard control. When it comes to associating a control to an entity, then associating a reliant entity to a common control takes precedence over creating a control for that entity.
Creation of controls
If the existing controls in your system can be used for testing entities, then you can take advantage of the existing data and avoid creating controls. Having many controls can lead to control explosion. If that is not feasible, then you can associate a primary entity with a common control, test the common control, and implement the test results on the reliant entities of the common control. If both these options don’t work, then you can create a control.
To create a common control, select Common in the Function field of the Control form. Select the Convert to common list UI action. A common control is created upon validation. It’s mandatory that you select a control objective before you convert a standard control to common control.
Association of reliant entities to common control
- Use the Reliant entities related list in the Control form to add individual entities to the common control. You can also remove the reliant entities using the Remove button.
- Use Reliant entity types related list in the Control form to add entity types to the common control. You can also remove the reliant entity types using the Remove button.
- Use the Inherit common controls UI action in the Controls related list of the Risk form to select common controls grouped by control objectives.
Note:
For more information on reliant entity associations for a common control, see Create a control using
the Compliance Workspace and Convert
standard control to common control and add reliant entities.
Item generation – Assumptions
- There’s no auto-generation of common controls.
- When the existence of common controls or associations of reliant entities to common control or standard controls are checked, the control’s name, entity, and control objective must match.
- Order of precedence between standard and common controls:
- If reliant association and standard control do not exist, then based on the action type, a standard control is created. Action types, for example can be Add content to entity type, Add document to entity type, Activate content, Activate document.
- If reliant association and standard control do not exist, then based on the action type a reliant association to common control is created. Action type can be Add entity type to common control.
- If the user's intent is not clear from the action type and a standard control does not already exist, then in conflicting entity type, the preference is to associate the reliant entity to the common control over creation of a standard control. Action type, for example can be Add entity to entity type.
Item generation changes
| Item generation action type | Description |
|---|---|
| Add entity type to common control | If the entity is not associated with the common item, then the application associates the entity with the common item by creating an m2m association between the two. |
| Remove entity type from common control | If the entity is associated with the common item, and the Entity types field has other entity types or Individually_added is true in the m2m record, then the application removes the Entity type ID from the Entity types column or deletes the entity to common item m2m record. |
| Add entity to item | If Risk Management is installed, based on the risk statement associated to the control objective, the risk to common control m2m records are added in the Control to Entity m2m table after considering the reliant entities. |
| Remove entity from item |
|
| Activate entity to item | If Risk Management is installed, based on the risk statement associated to the control objective, risk to common control m2m records are added in the Control to Entity m2m table in consideration of its reliant entities. |
| Deactivate entity to item |
|
| Activate item | A common item is added:
A standard item is added:
|
| Deactivate item |
|