Configuration Compliance change management

  • Release version: Yokohama
  • Updated January 30, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Configuration Compliance change management

    The Configuration Compliance application enables IT remediation owners to create and manage change requests (CHG) directly from remediation tasks (RTs). This integration supports the remediation of non-compliant software and technologies by leveraging ServiceNow's AI Platform® IT change management process. Change management is a key phase in the Configuration Compliance workflow, helping customers prioritize, track, and remediate test results efficiently.

    Show full answer Show less

    Note that from version 14.9 onwards, key terminology has been updated for clarity:

    • Test Result Group is now Remediation Task Group
    • Rules are now Remediation Task Rules
    • Policy Test Group is now Test Groups
    • Test Result is now Finding

    Key Features

    • Integration of Change Requests and Remediation Tasks: Customers can associate test results with existing change requests or create new remediation tasks for selected test results, streamlining remediation efforts.
    • Change Request Types: Three types of change requests can be created from remediation tasks:
      • Standard: Low-risk, pre-authorized changes with specified procedures.
      • Normal: Require two levels of approval, following a prescriptive process before implementation, review, and closure.
      • Emergency: Designed to quickly resolve major incidents.
    • Remediation Task Management: Test results are grouped into remediation tasks based on assignment rules and assigned to remediation owners for action.
    • Flexibility in Task Handling: Ability to split remediation tasks to focus on specific subsets of test results without affecting the original tasks.
    • Avoidance of Duplicate Change Requests: Ability to associate remediation tasks to existing change requests, ensuring efficient tracking and resource allocation.

    Practical Use for ServiceNow Customers

    ServiceNow customers can use the Configuration Compliance application to:

    • Streamline compliance remediation by linking test results directly to change management processes.
    • Manage large volumes of non-compliant assets by deferring items or reallocating resources through change requests.
    • Expedite remediation with pre-populated change requests that facilitate investigation and manual intervention.
    • Maintain control and oversight over compliance remediation efforts with structured change request workflows supporting standard, normal, and emergency scenarios.

    As an IT remediation owner, you can create and manage change requests (CHG) directly from remediation tasks (RTs) in the Configuration Compliance application.

    Note:
    Starting with v14.9 of Configuration Compliance, the following terms have been renamed:
    Table 1. Changes in terminology
    Terminology prior to v14.9 Terminology v14.9 onwards
    Test Result Group Remediation Task
    Group Rules Remediation Task Rules
    Policy Test group

    Change requests and the Configuration Compliance workflow

    Change requests and change management are part of the remediation process of the Configuration Compliance workflow. During this remediation phase, you might use change requests to help you prioritize, track, and remediate test results.

    The Configuration Compliance application works with the ServiceNow AI Platform® IT change management process to help you remediate non-compliant software and technologies in your environment.

    With change management in the Configuration Compliance application, you can associate test results to existing change requests, or split a remediation task and create a new remediation task only for selected test results.

    For more information, see Create a change request in Configuration Compliance.

    Key terms

    Tests
    Tests are libraries of data records that organize scans of computing assets. Configuration tests define how a class of technology assets should be governed. A test is anything that can be used to identify a class of software or a hardware asset that is out of compliance.
    Test results
    Test results are imported by third-party integrations. Once they are viewable in Configuration Compliance, they are remediated using Remediation Tasks. Groups are assigned for remediation according to assignment rules.
    Note:
    Starting with version 14.9 of Configuration Compliance, test result is labelled, Finding.
    Remediation task
    Test results are grouped into remediation tasks according to assignment rules and automatically assigned to remediation owners for remediation.
    Note:
    Starting with version 14.9 of Configuration Compliance, test result is labeled Remediation Task.
    Test groups
    Test groups are related to authoritative documents and test records. A group of configuration tests define Test groups.
    Change requests
    Change requests help you implement controlled processes for remediation. You might use change requests with remediation tasks in Configuration Compliance to help you identify, track, and resolve non-compliant assets (configuration items) that require additional resources, or that you might target for deferral.

    For more information about test results and remediation tasks, see Configuration Compliance remediation tasks and remediation task rules overview.

    When to use change requests in Configuration Compliance

    Change requests help you initiate and track remediation activities on your test results. When remediation owners have large numbers of unremediated test results or configuration items, they might use change requests to identify test results for deferral. Alternatively, they might identify and regroup test results and configuration items that require more resources than initially identified in the original remediation task.
    Create change requests from a remediation task
    Create a change request directly from a remediation task for all the test results in the remediation task, or use filtering to identify only test results that match specific criteria. Create a change request with pre-populated information to expedite your investigation for test results that require manual intervention.
    Split a remediation task
    From an existing remediation task, identify a subset of test results that you want to move to a new remediation task. By creating a new TRG, you can work with a specific group of test results without impacting the original remediation task.
    Associate test results to an existing change request
    Associate test results to existing tasks to avoid creating duplicate change requests as you work to resolve your remediation tasks. By associating a remediation task to a change request that is already available in your instance, you can use an existing lists of tasks.

    Types of change requests for a remediation task

    You can create, approve, implement, review, and close change requests directly from remediation tasks that are assigned to you. You can create three types of change requests with pre-populated information from a remediation task:

    • Standard. A pre-authorized change that is low risk, relatively common and follows a specified procedure or work instruction.
    • Normal. Normal change requests follow a prescriptive process which requires two levels of approval before being implemented, reviewed, and closed.
    • Emergency. A change to resolve a major incident.