Risk and compliance tab
Summary of Risk and compliance tab
The Risk and compliance tab on the privacy management dashboard offers a centralized platform for ServiceNow customers to monitor privacy-related risk exposure and regulatory compliance performance. It enables organizations to assess the effectiveness of privacy controls in mitigating risks and ensuring adherence to key regulatory frameworks such as NIST SP 800-53 and the EU GDPR.
This dashboard provides real-time insights through intuitive visualizations, helping privacy teams quickly identify high-risk areas, prioritize remediation efforts, and maintain continuous regulatory alignment as requirements evolve.
Key Features
- Risk Overview: A donut chart showing the distribution of processing activities by aggregated risk levels, with options to filter by residual or inherent risk. Activities are color-coded to highlight risk severity.
- Risk Heatmap: Visualizes all identified risks by processing activity, segmented by risk and control effectiveness or impact and likelihood. The view adapts based on the selected risk classification filter.
- Compliance Overview: Summarizes compliance posture against multiple regulatory frameworks and policies. Users can filter by specific authority documents or policies such as Employee Data Privacy Policy or Customer Data Privacy Policy to view compliance scores. Administrators can configure which policies and authority documents are highlighted.
- Control Objectives Needing Attention: Lists control objectives requiring immediate remediation, indicating the number of impacted processing activities. Each item links to detailed information for focused review.
- Regulatory Change Management (requires Regulatory Change Management application): Includes an Activity Overview widget displaying the status of change-related activities triggered by regulatory updates, and an Impact Assessment widget showing ongoing assessments. Both use visual indicators for easy status tracking.
Benefits for ServiceNow Customers
By consolidating risk and compliance insights into a single dashboard, customers gain faster decision-making capabilities and improved accountability across their privacy programs. The data-driven visualizations support informed management of privacy risks and compliance gaps, ensuring adherence to industry standards and legal obligations. This centralized view simplifies monitoring and response to evolving regulatory requirements, enhancing the effectiveness of privacy controls and governance.
The Risk and compliance tab on the privacy management dashboard provides a centralized view of privacy-related risk exposure and regulatory compliance performance.
The Risk and compliance tab on the privacy management dashboard enables organizations to monitor the risk and compliance postures of the privacy program within the organization. It helps evaluate how effective current privacy controls are in mitigating identified risks and supporting compliance.
Using this dashboard, teams can track adherence to major regulatory frameworks, including NIST SP 800-53 and the EU GDPR. The dashboard presents data through intuitive visualizations such as heatmaps, compliance scores, and summaries of control objectives that need attention. These visuals provide immediate insights into risk exposure and compliance gaps across the organization. Privacy teams can identify high-risk areas and assign priority to remediation tasks based on real-time data.
The dashboard also assists in confirming continuous regulatory alignment as requirements evolve or new risks emerge. By consolidating risk and compliance insights into one view, it supports faster decision-making and improved accountability across privacy functions.
- Risk overview
  This donut chart displays the distribution of processing activities across different aggregated risk levels. By default, the distribution is based on the aggregated residual risk scores. However, you can apply a filter to view the distribution based on aggregated inherent risk classification instead. Each activity is color-coded by its associated risk level.
- Risk heatmap
  The Risk heatmap widget visualizes all identified risks within each processing activity. By default, the residual risk filter is applied, but you can filter by inherent risk level instead. The heatmap is segmented, and the segmentation changes based on the selected risk classification filter: activities fall under the respective combination of risk and control effectiveness, or of impact and likelihood.
- Compliance overview
  This section summarizes compliance posture across different regulatory frameworks like NIST SP 800-53 and GDPR. It also provides a consolidated view. You can filter compliance information by specific authority documents. Filtering the data by policies shows compliance posture across privacy policies; for example, Employee Data Privacy Policy, Customer Data Privacy Policy, or third-party Privacy Policy. Select the appropriate authority document or policy in the drop-down filter to view the compliance score.
  Use the sn_privacy.highlighted_policy and sn_privacy.highlighted_authority_document properties to configure the top two policies and authority documents that appear on this widget.
- Control objectives needing attention
  This section highlights specific control objectives requiring immediate remediation, along with the number of impacted processing activities. Each control objective is hyperlinked for detailed review.
- Regulatory change management
  The Activity overview widget displays the status of change-related activities triggered by regulatory updates. Each segment is represented using donut charts with status-based color coding.
  The Impact assessment widget shows ongoing Impact Assessments related to Regulatory Assessments. The drop-down menu enables you to change the assessment category.
  Note: These widgets are available only when you have the Regulatory Change Management application installed.