Understanding PaCE

  • Release version: Xanadu
  • Updated August 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Understanding PaCE

    PaCE (Policy and Compliance Engine) allows ServiceNow customers to manage, administer, and audit policies from a centralized location. It consists of pre-defined rules that dictate application or service behavior, assessing compliance by applying these rules to input data and making decisions accordingly.

    Show full answer Show less

    Key Features

    • Full life cycle management: Manage policies throughout their entire lifecycle.
    • Policy reuse: Share and reuse policies across services.
    • Audit and compliance: Collect evidence for audits and compliance verification.
    • Testing and validation: Ensure policies are validated before deployment.
    • Central automation: Automate compliance processes to reduce manual dependencies.

    Key Outcomes

    • Identify and rectify posture drifts to maintain compliance.
    • Facilitate rapid decision-making regarding policy compliance.
    • Enhance change management with automated workflows and preventive controls.
    • Provide comprehensive documentation and version tracking for all policies.
    • Offer insight for policy creators to understand and iterate on existing policies effectively.

    PaCE enables you to manage, administer, and audit policies from a centralized location.

    A PaCE policy is a set of pre-defined rules and logic that determines the desired behavior of an application or a service. When invoked, the rules in the policy are applied on the provided input, and a decision is reached. This decision-making is the main function of PaCE and helps determine if a policy is compliant or non-compliant. The decision is then relayed to the software calling service or application, so that it can act on it to enforce a desired behavior.

    PaCE provides the following capabilities:
    • Full life cycle management of policies
    • Policy reuse
    • Audit and compliance
    • Testing and validation of policies
    • Central automation of compliance and regulatory processes
    PaCE can be used to:
    • Identify posture drifts from a desired state in the current application.
    • Make decisions (compliant or non-compliant) based on a change in the application or service and enforce the decision to prevent a drift.
    • Automate execution of policies and eliminate dependency on humans.
    • Standardize policies so that they can be shared and reused within a service and across services.
    • Increase change velocity while including guardrails with automated workflows to provide preventive controls.
    • Collect evidence and proof of compliance for audit purposes. This feature can be used by internal auditors to automate the process of collecting evidence for governance and risk requirements.
    • Provide business context to PaCE policies by using control objectives to connect PaCE with the Integrated Risk Management and Policy and Compliance Management workspace.

    PaCE enables policy developers to view and understand an existing policy, make and assess changes, and decide if a policy can be used as a baseline for another policy. They can also use PaCE before debugging to understand how the policy should work and why it is not working as expected.

    PaCE provides a centralized platform for storing, managing, and using policies. By using PaCE, policies can be:
    • Well documented and all the requirements clearly defined.
    • Reused across the organization.
    • Tracked and new versions can be created when a policy is changed.
    • Tested and validated before deployment.

    Policies are also containers for all the elements that make up a policy. These elements include meta-data related to the policy, the policy versions (including policy scripts and inputs), mapping information, and policy execution history.

    You can define any number of policies within PaCE.