Manage control indicators using the Compliance Workspace

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Manage control indicators using the Compliance Workspace

    The Compliance Workspace in ServiceNow's Yokohama release supports continuous monitoring by enabling compliance administrators and managers to identify and manage key risk and control indicators. This workspace provides an executive view of compliance requirements, overall compliance status, and detailed breakdowns. It facilitates both automatic and manual data collection for indicators, which are then used to generate control issues, update risk scores, and support audit and control testing activities.

    Show full answer Show less

    Key Features

    • Indicators: Track data related to individual controls or risks and gather audit evidence to monitor compliance effectively.
    • Indicator Templates: Allow bulk creation of multiple indicators for similar controls or risks, improving efficiency and consistency.
    • Entity Based Access: Provides granular data access control by granting users or groups permissions based on entity relationships, ensuring appropriate visibility to indicator-related records such as indicators, indicator tasks, indicator results, and compliance overview data.
    • Compliance Overview Reports: A set of visual reports helps users analyze compliance, including donut charts for compliance requirements and overall compliance, bar charts comparing compliance by authority document, multi-level pivot views for compliance breakdowns, and charts highlighting non-compliant entities.
    • Authority Documents and Citations: Define the policies, risks, controls, and audits that govern compliance. Authority documents contain related lists for detailed conditions, while citations break down these documents into manageable themes. Both support content reference tags to facilitate filtering and integration with content packs and use case accelerators.

    Practical Benefits for ServiceNow Customers

    • Gain a comprehensive and executive-level understanding of compliance health across multiple entities and control areas.
    • Streamline monitoring and management of controls and risks through automated and manual data collection mechanisms.
    • Ensure precise access control to sensitive compliance data through entity-based access configurations.
    • Use detailed and customizable reports to identify compliance gaps and prioritize remediation efforts.
    • Leverage structured authority documents and citations to maintain alignment with regulatory requirements and audit needs.

    Continuous monitoring involves activities related to identifying and creating key risk and controls indicators. The Compliance Overview is available to compliance administrators and compliance managers, providing an executive view into compliance requirements, overall compliance, and compliance breakdowns.

    Supporting information can be collected for indicators through automatic data collection or manual tasks. Indicator results are then used to create issues for controls, update risk scores, and provide supporting information for audit activities and control testing.
    Indicators
    Indicators collect data to monitor controls and risks, and collect audit evidence. Indicators monitor a single control or risk.
    Indicator templates
    Indicator templates allow the creation of multiple indicators for similar controls or risks.
    Note:
    The Entity Based Access provides a framework for more granular approach to management of data access to objects associated with an entity. Administrators can grant access to an entity's related records by adding users or user groups, or by using entity user fields for entity-based access configuration. For more information, see Entity Based Access. When a user is qualified based on these configurations and has the minimum required roles, they will have access to the following tables:
    • Indicator
    • Indicator task
    • Indicator result

    Compliance Overview

    Table 1. Compliance Overview reports in the base system
    Name Visual Description
    Compliance Requirements Donut chart Select a wedge to focus on a specific compliance area.
    Overall Compliance Donut chart Displays the overall compliance of all the control requirements in the system. Selecting a specific wedge in the previous widget brings that area into focus.
    Entity Drop down list Select one or more entities to view and compare their compliance across multiple items.
    Control State Check list Select or clear check boxes to view filter reports by control state.
    Compliance by Authority Document Bar Chart Compare level of compliance depending on the selected entity and/or authority document.
    Compliance breakdown Multi-level Pivot View a breakdown of control compliance by related authority documents and policies.
    Non Compliant Entities Column Chart Count of non-compliant control requirements grouped by entity.

    Authority Documents

    Authority documents define policies, risks, controls, audits, and other processes to ensure adherence to the authoritative content.

    Each authority document is defined in a record and the related lists on that record contain the individual conditions of the authority document.

    The relationships of these authority document related list items are visible in the GRC Workbench in the Policy and Compliance Management application.
    Note:
    You can add content reference tags to authority documents. Content reference tags allow you to filter records in order to more easily identify the content packs, integrations, and use case accelerators associated with the authority documents.

    Citations

    Citations contain the provisions of the authority document, which can be interrelated. Citations break down an authority document into manageable themes.

    You can create citations or import them from UCF authority documents and then create any necessary relationships between the citations.
    Note:
    You can add content reference tags to citations. Content reference tags allow you to filter records in order to more easily identify the content packs, integrations, and use case accelerators associated with the citations.