Risk and compliance tab
The Risk and compliance tab on the Privacy Management dashboard offers a centralized view to help organizations monitor privacy-related risk exposure and regulatory compliance performance. It enables privacy teams to assess the effectiveness of current privacy controls in mitigating risks and maintaining compliance with major frameworks such as NIST SP 800-53 and the EU GDPR. By consolidating risk and compliance insights into a single dashboard, it facilitates faster decision-making and accountability across privacy functions.
Key Features
- Risk overview: Displays a donut chart showing the distribution of processing activities by aggregated residual or inherent risk levels, with color coding for easy risk identification.
- Risk heatmap: Visualizes identified risks across processing activities, segmented by combinations of risk and control effectiveness or impact and likelihood, adjustable by risk classification filters.
- Compliance overview: Summarizes compliance posture across regulatory frameworks and policies, with filters for specific authority documents or privacy policies, helping track adherence scores.
- Control objectives needing attention: Highlights control objectives requiring immediate remediation, along with the number of impacted processing activities, with links for detailed review.
- Regulatory change management (requires Regulatory Change Management application): Includes widgets like Activity overview and Impact assessment to track status and progress of change-related activities triggered by regulatory updates.
Key Outcomes
By using this tab, ServiceNow customers can:
- Gain immediate insights into privacy risk exposure and compliance gaps through intuitive visualizations such as heatmaps and compliance scores.
- Identify and prioritize high-risk areas and remediation tasks based on real-time data.
- Maintain continuous alignment with evolving regulatory requirements and emerging risks.
- Enhance informed decision-making and accountability within privacy management teams.
- Customize the dashboard to highlight key policies and authority documents relevant to their organization’s privacy program.
The Risk and compliance tab on the privacy management dashboard provides a centralized view of privacy-related risk exposure and regulatory compliance performance.
The Risk and compliance tab on the privacy management dashboard enables organizations to monitor the risk and compliance postures of the privacy program within the organization. It helps evaluate how effective current privacy controls are in mitigating identified risks and supporting compliance.
Using this dashboard, teams can track adherence to major regulatory frameworks, including NIST SP 800-53 and the EU GDPR. The dashboard presents data through intuitive visualizations such as heatmaps, compliance scores, and summaries of control objectives that need attention. These visuals provide immediate insights into risk exposure and compliance gaps across the organization. Privacy teams can identify high-risk areas and assign priority to remediation tasks based on real-time data.
The dashboard also helps confirm continuous regulatory alignment as requirements evolve or new risks emerge. By consolidating risk and compliance insights into one view, it supports faster decision-making and improved accountability across privacy functions.
- Risk overview
  This donut chart displays the distribution of processing activities across different aggregated risk levels. By default, the distribution is based on the aggregated residual risk scores. However, you can apply a filter to view the distribution based on aggregated inherent risk classification instead. Each activity is color-coded by its associated risk level.
  The Risk heatmap widget displays a visualization of all identified risks within each processing activity. By default, the residual risk filter is applied, but you can filter by inherent risk level instead. The heatmap is segmented, and the segmentation changes with the filter: activities fall under the respective combination of risk and control effectiveness (residual view) or of impact and likelihood (inherent view). The combination is determined by the selected risk classification filter.
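The two segmentations described above can be hard to picture from prose alone. The following is an added example, not ServiceNow code: it buckets a handful of constructed processing activities into the inherent-risk heatmap (impact by likelihood), the residual-risk heatmap (risk level by control effectiveness) and the donut's risk-level distribution. The 1 to 5 scales, the scoring formulas and the risk-level bands are assumptions chosen for illustration; the dashboard's own scoring is not documented on this page.

```python
"""Added example: heatmap and donut bucketing for processing activities.
Not ServiceNow code. Scales, formulas and bands are assumptions."""
from collections import Counter
from dataclasses import dataclass

LEVELS = ("Low", "Moderate", "High", "Critical")


@dataclass(frozen=True)
class ProcessingActivity:
    name: str
    impact: int                 # 1 (negligible) .. 5 (severe), assumed scale
    likelihood: int             # 1 (rare) .. 5 (almost certain), assumed scale
    control_effectiveness: int  # 1 (ineffective) .. 5 (fully effective), assumed


def inherent_score(a: ProcessingActivity) -> int:
    """Inherent risk before controls: impact x likelihood (assumed formula)."""
    return a.impact * a.likelihood


def residual_score(a: ProcessingActivity) -> int:
    """Residual risk after controls: inherent risk scaled down by control
    effectiveness (assumed formula; fully effective controls keep 1/5)."""
    return int(round(inherent_score(a) * (6 - a.control_effectiveness) / 5))


def classify(score: int) -> str:
    """Map a 1..25 score to a risk level (assumed bands)."""
    if score <= 6:
        return "Low"
    if score <= 12:
        return "Moderate"
    if score <= 18:
        return "High"
    return "Critical"


def heatmap(activities, mode="residual"):
    """Group activities into heatmap cells.

    'inherent' mode: cell = (impact, likelihood)
    'residual' mode: cell = (inherent risk level, control effectiveness)
    """
    if mode not in ("inherent", "residual"):
        raise ValueError(f"unknown risk classification filter: {mode}")
    cells = {}
    for a in activities:
        if mode == "inherent":
            key = (a.impact, a.likelihood)
        else:
            key = (classify(inherent_score(a)), a.control_effectiveness)
        cells.setdefault(key, []).append(a.name)
    return cells


def risk_distribution(activities, mode="residual") -> Counter:
    """Counts per risk level, i.e. the donut chart's segments."""
    scorer = inherent_score if mode == "inherent" else residual_score
    return Counter(classify(scorer(a)) for a in activities)


# Constructed sample activities (not real data).
SAMPLE = (
    ProcessingActivity("Payroll", impact=5, likelihood=4, control_effectiveness=5),
    ProcessingActivity("Marketing analytics", impact=3, likelihood=4, control_effectiveness=2),
    ProcessingActivity("Visitor log", impact=2, likelihood=2, control_effectiveness=3),
    ProcessingActivity("Vendor data sharing", impact=4, likelihood=5, control_effectiveness=1),
)

if __name__ == "__main__":
    for mode in ("residual", "inherent"):
        print(f"{mode} distribution:", dict(risk_distribution(SAMPLE, mode)))
        for cell, names in sorted(heatmap(SAMPLE, mode).items(), key=str):
            print(f"  {cell}: {', '.join(names)}")
```

Note how "Payroll" is Critical in the inherent view but Low in the residual view because its controls are rated fully effective, while "Vendor data sharing" stays Critical in both: that shift between the two filters is exactly what the heatmap and donut are meant to expose.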
- Compliance overview
  This section summarizes compliance posture across different regulatory frameworks, such as NIST SP 800-53 and GDPR, and also provides a consolidated view. You can filter compliance information by specific authority documents. Filtering the data by Policies shows compliance posture across privacy policies, for example Employee Data Privacy Policy, Customer Data Privacy Policy, or Third-party Privacy Policy. Select the appropriate authority document or policy in the drop-down filter to view its compliance score.
  Use the sn_privacy.highlighted_policy and sn_privacy.highlighted_authority_document properties to configure the top two policies and authority documents that appear on this widget.
- Control objectives needing attention
  This section highlights specific control objectives requiring immediate remediation, along with the number of impacted processing activities. Each control objective is hyperlinked for detailed review.
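To make the relationship between the Compliance overview filters and the Control objectives needing attention list concrete, here is an added example (not ServiceNow code) that computes a compliance score per authority document or policy and lists non-compliant control objectives ordered by how many processing activities they impact. The control objectives, their policy mapping and their compliance states are constructed sample data; a percentage of compliant objectives is an assumed scoring method, not the dashboard's documented one.

```python
"""Added example: compliance score per authority document / policy and the
'needing attention' list. Not ServiceNow code; data and scoring are assumed."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ControlObjective:
    name: str
    authority_document: str
    policy: str
    compliant: bool
    processing_activities: tuple  # names of activities this objective applies to


# Constructed sample objectives (control names are real framework references,
# the compliance states and activity mappings are made up for the example).
SAMPLE = (
    ControlObjective("AC-2 Account Management", "NIST SP 800-53",
                     "Employee Data Privacy Policy", True,
                     ("Payroll", "HR onboarding")),
    ControlObjective("AC-6 Least Privilege", "NIST SP 800-53",
                     "Employee Data Privacy Policy", False,
                     ("Payroll", "HR onboarding", "Vendor data sharing")),
    ControlObjective("Art. 13 Information to be provided", "EU GDPR",
                     "Customer Data Privacy Policy", True,
                     ("Marketing analytics",)),
    ControlObjective("Art. 30 Records of processing activities", "EU GDPR",
                     "Customer Data Privacy Policy", False,
                     ("Marketing analytics", "Vendor data sharing")),
    ControlObjective("Art. 28 Processor", "EU GDPR",
                     "Third-party Privacy Policy", False,
                     ("Vendor data sharing",)),
)


def select(objectives, authority_document: Optional[str] = None,
           policy: Optional[str] = None):
    """Apply the Authority document / Policies drop-down filters."""
    return [o for o in objectives
            if (authority_document is None or o.authority_document == authority_document)
            and (policy is None or o.policy == policy)]


def compliance_score(objectives, authority_document=None, policy=None) -> Optional[float]:
    """Percentage of compliant objectives in the filtered set (assumed scoring).
    Returns None when the filter matches nothing, so an empty selection is
    never mistaken for 0% or 100% compliance."""
    selected = select(objectives, authority_document, policy)
    if not selected:
        return None
    compliant = sum(1 for o in selected if o.compliant)
    return round(100.0 * compliant / len(selected), 1)


def needing_attention(objectives):
    """Non-compliant objectives with their impacted-activity count, most
    impacted first (ties broken by name) so remediation can be prioritized."""
    rows = [(o.name, len(set(o.processing_activities)))
            for o in objectives if not o.compliant]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    print("Overall:", compliance_score(SAMPLE))
    print("NIST SP 800-53:", compliance_score(SAMPLE, authority_document="NIST SP 800-53"))
    print("Customer policy:", compliance_score(SAMPLE, policy="Customer Data Privacy Policy"))
    for name, impacted in needing_attention(SAMPLE):
        print(f"  {name}: {impacted} impacted processing activities")
```

The None return for an empty selection matters in practice: a freshly created policy with no mapped control objectives should show as "no data", not as a perfect score.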
- Regulatory change management
  The Activity overview widget displays the status of change-related activities triggered by regulatory updates. Each segment is represented using donut charts with status-based color coding.
  The Impact assessment widget shows ongoing Impact Assessments related to Regulatory Assessments. The drop-down menu enables you to change the assessment category.
  Note: These widgets are available only when you have the Regulatory Change Management application installed.