Linking issues to multiple objects using Many-to-many table relationship

Yokohama Governance, Risk, and Compliance

Release

yokohama

ft:locale

en-US

ft:publication_title

Yokohama Governance, Risk, and Compliance

ft:clusterId

grc

bundleId

grc

workflow

Technology

Linking issues to multiple objects using Many-to-many table relationship

Release version: Yokohama

Updated January 30, 2025

2 minutes to read

Summarize

Summarized using AI

Summary of Linking issues to multiple objects using Many-to-many table relationship

This functionality enables ServiceNow customers to link issues to various compliance-related objects—such as risks, controls, control objectives, engagements, policies, and authority documents—using many-to-many (m2m) table relationships. This approach provides a comprehensive way to assess issue impact across multiple related compliance entities.

Show full answer Show less

Key Features

Issues can be associated with multiple objects through dedicated many-to-many tables that store these relationships, ensuring accurate linkage between issues and compliance objects.
Examples include linking issues to controls via the Issue to Control [sngrcm2missueitem] table, and similarly named tables for control objectives, engagements, policies, and authority documents.
These relationships are visible as related lists on the respective object forms, allowing users to view and manage all linked issues in one place.
Users with roles such as corporatecomplianceanalyst, corporatecompliancemanager, itcompliancemanager, or sncompliance.admin can create and delete m2m records, but only users with the GRC admin (sngrc.admin) role can update existing records in these tables.
The many-to-many tables ensure clear categorization of issues, including distinguishing automatically generated issues from manually created ones when linked to controls.
Supports creation and linkage of compliance objects and issues within the Compliance and Audit Workspaces for an integrated compliance management experience.

Key Outcomes

Provides a 360° view of compliance objects and their related issues, giving users detailed insights into all linked data, which enhances impact analysis and decision-making.
Facilitates consolidation and visibility of all related issues on compliance objects, reducing duplication effort and improving efficiency in managing issue impact.
Enables comprehensive impact analysis across multiple compliance objects linked to an issue, supporting better risk management and compliance oversight.

Issues can be linked to different types of objects such as risk, entity, control, control objective, engagement, policy, authority document, and others to determine issue impact. Use the many-to-many relationship tables for each of the objects to link similar issues to an object.

Note:

The Issue record has controls, control objectives, authority documents, policy, and engagements that can be associated with it as related items. However, you must associate the issue and each object as a corresponding m2m record which is stored in the corresponding m2m tables.

For example, issues are configured as a related list in the Controls form and you can link the issue to the control parent object. When you add an issue to a control, a record is created associating the item that is the control with the issue, in the Issue to Control [sn_grc_m2m_issue_item] table.

Viewing the issues related to a control was mainly only for reference. However, you can also link as many issues that are related to the control within the Control form. With this enhancement, you have the ability of:

visibility of viewing, and consolidating all related issues raised on the control
determining the impact analysis of all related issues
reducing the effort in working on duplicate issues and manage issue impact analysis

A user with sn_compliance_ws.corporate_compliance_analyst, sn_compliance_ws.corporate_compliance_manager, sn_compliance_ws.it_compliance_manager, or sn_compliance.admin roles can create and delete the records in the many-to-many tables. However, users with these roles cannot update an existing record in the m2m tables. To update a record, you require GRC admin (sn_grc.admin) role.

Many-to-many tables used in Compliance Workspace for creating and deleting the issue to object relationships are:

sn_grc_m2m_issue_item – Issue to control
sn_grc_m2m_issue_content – Issue to control objective
sn_grc_m2m_issue_engagement – Issue to Engagements
sn_grc_m2m_issue_document – Issue to Policy and Issue to Authority document

For more information, see:

Tables installed for descriptions of the m2m tables.
Create GRC issues for the different compliance objects that are linked to the issue.
Create a control using the Compliance Workspace to link issues to a control.
Linking automatically generated issues to a control in Many-to-many relationship to know how multiple issues linked to a control are categorized as automatically generated or manually created.
Create an authority document using the Compliance Workspace to link issues to an authority document.
Create a control objective using the Compliance Workspace to link issues to a control objective.
Create an audit engagement in Audit Workspace to link issues to an engagement.
Create a policy using the Compliance Workspace to link issues to a policy.
360° view of compliance objects and issues for a comprehensive and detailed overview of all object data that the issue is linked to in a many-to-many relationship.