Entity types

  • Release version: Yokohama
  • Updated July 31, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Entity types

    Entity types in ServiceNow are groupings of entities based on customizable filter conditions, allowing you to organize entities within hierarchical entity classes. This feature helps you efficiently manage multiple entities—such as departments or business units—by grouping them under a single entity type. You can assign owners, entity classes, control objectives, and risk statements to entity types, which streamlines the automatic creation of associated risks and controls across all entities within the group.

    Show full answer Show less

    Key Features

    • Entity Grouping and Hierarchy: Create hierarchies within entity classes to reflect organizational structures, facilitating aggregated risk reporting.
    • Entity Filters: Use predefined or custom filters to specify conditions for including entities in an entity type. Filters define the data tables and criteria used to display and manage entities.
    • Automatic Risk and Control Association: By linking risk statements and control objectives to entity types, risks and controls are automatically instantiated for all associated entities, reducing manual effort.
    • Comprehensive Related Lists: Manage detailed information about entities, filters, risk frameworks, risk statements, policies, control objectives, exceptions, privacy assessments, and attachments all associated with the entity type.
    • Roll-up of Risk Scores: Enables risk assessment scores to aggregate from lower-level entities (e.g., subdivisions) up through higher organizational levels, supporting consolidated reporting.

    Practical Benefits for ServiceNow Customers

    Entity types simplify governance, risk, and compliance processes by organizing entities and automating risk and control management at scale. Customers can avoid maintaining multiple spreadsheets or manual tracking by leveraging filter-based grouping and automatic associations. The hierarchical structure supports enterprise-level risk aggregation and reporting, improving visibility and decision-making.

    Using Entity Types

    • Create entity types under the Lists view in the workspace, defining filters to include specific entities.
    • Assign owners, entity classes, risk frameworks, risk statements, and control objectives to each entity type.
    • Use the related lists to manage and monitor all associated components, including policies, exceptions, and privacy assessments.
    • Leverage entity filters to control which data populates each entity type, choosing between custom conditions or predefined CMDB queries.

    By setting up entity types thoughtfully, customers can automate much of the risk and control lifecycle, maintain organized entity classifications, and gain insightful risk aggregation aligned with their organizational hierarchy.

    Entity type is a grouping of the entities that match a set of filter conditions. You can create a hierarchy of the entity types within the entity classes. The Entity types option is displayed under the Lists view in the workspace. Click an entity type to display its details.

    An entity type is a grouping of entities that is based on filtering. Entity types enable you to find and create entities that match a set of filter conditions. Hierarchy can be created within the entity classes. Entity types also enable you to create risks and controls for each entity without spending much time. For example, an organization can have multiple departments, such as finance, HR, or IT. All these departments can be considered as entities and can be grouped under the entity type called Departments.

    Within an entity type, you can assign an owner and an entity class. You can associate a control objective and risk statements to the entity type so that risks and controls get automatically created for those entities. For every entity created using the entity type, the configuration and filter are applied so that the entity class and entity owner get automatically assigned for each entity.

    When you create entity types and associate risk statements and control objectives to them, the risk and controls are automatically created for all the entities. The benefit of creating entity types is that it eliminates the need for maintaining multiple spreadsheets with the associated risks and controls for each entity. By applying entity types, you can quickly create entities by using the entity filters that are present within the entity types. Entity types can contain entities associated with different classes.

    Grouping entities also helps in rolling up and aggregating the risk scores after risk assessments are performed. To understand how grouping entities contribute to rolling up the risk scores, consider the following example. Assume that there's a banking organization called Acer Finance. Acer Finance has two business lines: Banking and Retail. The Banking division has further subdivisions such as Commercial Banking and Private Banking. The risk assessments are generally performed at the bottom-most level. In this example, the assessment is performed at the Commercial Banking and Private Banking levels. The reporting, however, is done at the top-most level. This means that the risk assessment scores of Commercial Banking and Private Banking roll up and aggregate at the Banking level. Similarly, the scores of the Banking and Investment roll up to the Acer Finance organization level.

    Entities in entity type are created based on the conditions set in the Entity Filter. In entity filters, the following filter conditions are defined:
    • Build your own conditions: The entity filter defines the table from which the data is pulled into each entity type for display. Options in the Entity filter related list under Entity Type are revised such that Build your own conditions is same as the previous condition builder.
    • Select from predefined queries: A new option is introduced as Select from predefined queries that uses the Configuration Management Database (CMDB) queries.
    The Details tab in the Entity type page displays the following information:
    • Name
    • Compliance Score (%)
    • Check box condition to display if the entity type is active
    • Description
    The Entity type page displays the following related lists:
    Table 1. Related lists in the Entity type section
    Related list Description
    Entities Information on the entities:
    • Entity
    • Description
    • Class
    • Owned by
    • Residual rating
    • Compliance Score (%)
    Entity Filters Information on the entity filters:
    • Entity filter type
    • Table
    • Filter condition
    • Use owner field
    • Owner field
    Risk frameworks Details of the risk framework. Click Add to add a new risk frameworks record.
    Risk Statements Details of the risk statements such as Risk Statement, Framework, Category, and Description.
    Policies Details of the policies such as number, name, Type, Owner, State, Valid from, Valid to, and Compliance Score percentage.
    Control Objectives Details of the control objectives such as Control objective, Category, Type, Classification, and Compliance Score percentage.
    Entity Filters Details of the entity filter such as Entity Filter type, Table, Filter Condition, Query, Information objects, Use owner field, Owner field.
    Policy Exceptions Details of the policy exceptions.
    Content References Details of the content references.
    Privacy assessments Details of the privacy assessments for the entity type.
    Attachments Attachments associated with the entity type displayed in the side panel.