Risk and Compliance Dashboard reports and solutions

  • Release version: Yokohama
  • Updated January 30, 2025
  • 5 minutes to read
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Risk and Compliance Dashboard reports and solutions

    The Risk and Compliance Dashboard in the ServiceNow GRC suite offers a unified, comprehensive view of your organization's compliance and risk posture. Designed primarily for chief information security officers, it consolidates analytical data from major GRC applications, enabling informed decision-making on cybersecurity, risk, privacy, audit, and third-party management. Note that all reports are accessible only when their respective workspaces are installed.


    Access and Roles

    Access to specific reports requires appropriate ServiceNow AI Platform roles:

    • Compliance reports: sn_grc_dashboards.grc_ciso_user and sn_bod.ciso
    • Risk reports: sn_grc_dashboards.grc_ciso_user and sn_bod.ciso
    • Business Continuity Management: sn_bcm.viewer and sn_bod.ciso
    • Third-party risk: sn_vdr_risk_asmt.vendor_assessment_reviewer and sn_bod.ciso
    • Privacy: sn_privacy.analyst and sn_bod.ciso
    • Audit: sn_audit_ws.auditor and sn_bod.ciso

    To open the dashboard, navigate via All > Cybersecurity Executive Dashboard > Cybersecurity Executive Dashboard.

    Key Indicators

    • Compliance Posture: Displays compliance percentage and control compliance through formula and automated indicators.
    • Privacy Compliance Posture: Shows processing activity compliance scores.
    • Functional Domain Breakdowns: Offers detailed views by organizational areas.

    Reports and Their Practical Use

    The dashboard organizes reports into tabs, each sourced from specific tables and workspaces, providing focused insights:

    Overview Tab

    • Compliance Posture: Line chart showing IT and cybersecurity compliance based on control data.
    • Risk Posture: Donut chart summarizing risk counts by rating from core and advanced risk tables.
    • Ongoing Crisis Events: Displays current recovery events needing attention.
    • Assets by Recovery Status: Visualizes asset recovery progress during crisis events.
    • Recovery Tasks by Status: Tracks progress of recovery tasks.

    Compliance Overview Tab

    • Authority Documents: Donut chart showing compliance status, high priority issues, and exceptions per document.
    • Policies: Donut chart detailing compliant and non-compliant policies with issue counts and compliance scores.

    Risk Overview Tab

    • Risk Posture: Donut chart and list providing risk ratings to prioritize and manage organizational risks.
    • Third-party Risk Posture: Displays overall risk ratings for vendors including risk criteria, tiers, intelligence ratings, and overdue tasks.

    Privacy Overview Tab

    • Privacy Compliance Posture: Tracks monthly processing activity compliance scores.
    • Overdue High Priority Issues: Lists critical overdue privacy issues for prompt resolution.
    • Privacy Risk Heatmap: Visualizes privacy risk assessment results to identify and manage high criticality risks.

    Entity Overview Tab

    • Entities List: Summarizes entity-specific risks, compliance scores, and high priority issues related to non-compliant controls.

    Audit Overview Tab

    • Open and Upcoming Audit Engagements: Lists audits with key details including leads, timelines, high-priority issues, and milestone progress.

    Filters

    Risk criteria filters enable customized views of third-party or vendor risks by selected risk domains, helping focus on specific risk areas relevant to your organization.

    Practical Benefits for ServiceNow Customers

    • Gain a centralized, real-time view of compliance and risk across multiple GRC domains.
    • Leverage role-based access to ensure appropriate visibility and control for different teams.
    • Use detailed reports and visualizations to prioritize risk mitigation, track compliance, and manage recovery efforts effectively.
    • Improve oversight of third-party and privacy risks with specialized dashboards and indicators.
    • Streamline audit management with visibility into engagements and associated risks.

    The Risk and Compliance dashboard is a unified dashboard that brings together analytical data from the reports available in the major GRC applications, so that the chief information security officer can understand the compliance and risk posture of the organization. The dashboard consolidates data from various products within the ServiceNow GRC suite of applications.

    Note:
    All reports are available only when the corresponding workspaces are installed.
    Figure 1. Risk and compliance dashboard
    Video showing the reports available in the different tabs of the Risk and compliance dashboard.

    Required ServiceNow AI Platform roles

    For Compliance related reports
    User must have sn_grc_dashboards.grc_ciso_user role and sn_bod.ciso role.
    For Risk related reports
    User must have sn_grc_dashboards.grc_ciso_user role and sn_bod.ciso role.
    For Business Continuity Management related reports
    User must have sn_bcm.viewer role and sn_bod.ciso role.
    For Third-party risk related reports
    User must have sn_vdr_risk_asmt.vendor_assessment_reviewer role and sn_bod.ciso role.
    For Privacy related reports
    User must have sn_privacy.analyst role and sn_bod.ciso role.
    For Audit related reports
    User must have sn_audit_ws.auditor role and sn_bod.ciso role.
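
An access review built on the role pairs above, as an added example that is not ServiceNow's own code: given exported (user, role) rows, it lists which report groups each user can open and where only one role of a required pair is held. The sample rows and user names are constructed, and inherited or contained roles are assumed to be already expanded in the input.

```javascript
// Added example: role pairs copied from the "Required ServiceNow AI Platform roles" list.
const REQUIRED = {
  Compliance: ["sn_grc_dashboards.grc_ciso_user", "sn_bod.ciso"],
  Risk: ["sn_grc_dashboards.grc_ciso_user", "sn_bod.ciso"],
  "Business Continuity Management": ["sn_bcm.viewer", "sn_bod.ciso"],
  "Third-party risk": ["sn_vdr_risk_asmt.vendor_assessment_reviewer", "sn_bod.ciso"],
  Privacy: ["sn_privacy.analyst", "sn_bod.ciso"],
  Audit: ["sn_audit_ws.auditor", "sn_bod.ciso"],
};

// Constructed sample rows (user, role); the user names are hypothetical.
const SAMPLE_ROWS = [
  ["ciso.alice", "sn_bod.ciso"],
  ["ciso.alice", "sn_grc_dashboards.grc_ciso_user"],
  ["ciso.alice", "sn_privacy.analyst"],
  ["auditor.bob", "sn_audit_ws.auditor"],
  ["exec.carol", "sn_bod.ciso"],
];

// Group flat (user, role) rows into Map<user, Set<role>>.
function rolesByUser(rows) {
  const map = new Map();
  for (const [user, role] of rows) {
    if (!map.has(user)) map.set(user, new Set());
    map.get(user).add(role);
  }
  return map;
}

// For each user: report groups fully unlocked, and groups where only part
// of the required pair is held (with the missing roles listed).
function reviewAccess(rows) {
  const result = {};
  for (const [user, held] of rolesByUser(rows)) {
    const visible = [];
    const partial = {};
    for (const [group, needed] of Object.entries(REQUIRED)) {
      const missing = needed.filter((r) => !held.has(r));
      if (missing.length === 0) visible.push(group);
      else if (missing.length < needed.length) partial[group] = missing;
    }
    result[user] = { visible, partial };
  }
  return result;
}

console.log(JSON.stringify(reviewAccess(SAMPLE_ROWS), null, 2));
```

A non-empty `partial` entry marks an assignment to review: the user holds one role of the pair but cannot open that report group.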

    Access the Risk and Compliance Dashboard

    To open the dashboard, navigate to All > Cybersecurity Executive Dashboard > Cybersecurity Executive Dashboard.

    Indicators

    Compliance posture
    • Compliance percentage: Formula indicator that depicts compliance posture.
    • All Controls: Automated indicator that supports the formula indicator.
    • Compliant Controls: Automated indicator that supports the formula indicator.
    Privacy compliance posture
    PA indicator: Processing activity compliance score percentage.

    Breakdowns

    Functional Domain.

    Reports

    Note:
    All reports are available only when the corresponding workspaces are installed.
    Table 1. Overview tab

    Compliance posture
    Type: Line chart
    Source table: Control [sn_compliance_control]
    Description: Provides compliance managers with the cybersecurity and risk posture and the IT risk and compliance posture, based on data analysis.

    Risk posture
    Type: Donut chart
    Source tables:
    • Risk [sn_risk_risk]
    • Detailed aggregated risk [sn_risk_advanced_risk_assessment_result] (When the Advanced Risk application is installed and Advanced Risk Assessment is enabled)
    Description: Provides the risk count based on the risk ratings.

    Ongoing crisis events
    Type: Single score
    Source table: Recovery event [sn_recovery_event] where event type is actual
    Description: Displays the total number of ongoing crisis events that are neither approved nor closed.

    Assets by recovery status
    Type: Donut chart
    Source table: Assets [sn_recovery_event_asset]
    Description: Provides the total number of assets for ongoing crisis events grouped by their recovery status, including assets that have been recovered and those that have not.

    Recovery tasks by status
    Type: Donut chart
    Source table: Recovery tasks [sn_recovery_event_task]
    Description: Provides the status of recovery tasks in various states for ongoing crisis events.

    Table 2. Compliance overview tab

    Authority documents
    Type: Donut chart
    Source table: Authority Document [sn_compliance_authority_document]
    Description: Provides data of compliant and non-compliant authority documents in the chart. The list provides details of the authority documents, their individual compliance score in percentage, count of high priority issues and high risk exceptions on the authority documents, and the count of compliant cases.

    Policies
    Type: Donut chart
    Source table: Policy [sn_compliance_policy]
    Description: Provides the count of compliant and non-compliant policies in the chart. The list provides details of the policies, their individual compliance score in percentage, count of high priority issues and risk exceptions raised on each policy, and the count of compliant cases.

    Table 3. Risk overview tab

    Risk posture
    Type: Donut chart
    Source tables:
    • Risk [sn_risk_risk]
    • Detailed aggregated risk [sn_risk_advanced_risk_assessment_result] (When the Advanced Risk application is installed and Advanced Risk Assessment is enabled)
    Description: Provides the risk count based on the risk ratings.

    Risk posture
    Type: List
    Source table: GRC Content Status [sn_grc_content_reports]
    Description: Provides the risk rating for each organizational risk to understand the overall risk assessment results. These ratings help organizations understand the potential impact and likelihood of various risks, enabling them to prioritize and manage these risks. The Risk posture card also highlights the following information for each risk:
    • Risk appetite: Risk appetite value defined.
    • High priority issues: Number of issues whose priority is defined as High.
    • Overdue risk response tasks: Number of overdue risk response tasks.
    • KRI Breach %: Percentage of Key Risk Indicators (KRIs) that have exceeded their predefined thresholds or limits.

    Third-party risk posture
    Type: Donut chart
    Source table: Third-party risks [sn_grc_dashboards_third_party_risk]
    Description: Provides the risk rating for each third party. The risk rating is the overall assessment rating that considers the scores and ratings from all assessments conducted for a third party or vendor. The Third-party risk posture card also highlights the following information for each third party or vendor:
    • Risk criteria: Group of risk domains (sometimes called risk areas in other platform features) that applies to a particular type of third party.
    • Risk tier: Value determined based on the responses collected after an inherent risk assessment (IRQ) is completed.
    • Risk intelligence rating: Aggregate of all the scores collected from Risk intelligence providers.
    • Overdue risk response tasks: Number of overdue risk response tasks.

    Table 4. Privacy overview tab

    Privacy compliance posture
    Type: Line
    Source table: PA indicator: Processing activity compliance score percentage [pa_indicators]
    Description: Provides the compliance posture by month and is plotted by referring to the overall compliance score across all the processing activities.

    Overdue high priority issues
    Type: Single score
    Source table: Issues [sn_grc_issue]
    Description: Provides a focused overview of all overdue high-priority privacy-related issues, enabling quick identification and resolution of critical tasks to ensure compliance and data protection.

    Privacy risk heatmap
    Type: Heatmap
    Source table: Risk assessment methodology [sn_risk_advanced_risk_assessment_methodology]
    Description: Provides the privacy risk assessment data in the form of a heatmap. Privacy risk assessments are detailed assessments that are conducted if the criticality score is high. Assess each risk that is associated with the processing activity and know the aggregated risk score on the processing activity. After you assess the privacy risks, you can view the privacy risk posture on the risk heatmap.

    Table 5. Entity overview tab

    Entities
    Type: List
    Source table: Entity compliance status [sn_compliance_entities_reports]
    Description: Provides the summary of risks directly associated with the entity that contribute to the overall risk rating of the entity. The list also displays the compliance score of entities, and high priority issues and risk exceptions that are raised as a result of the non-compliant controls associated with the entity.

    Table 6. Audit overview tab

    Open and upcoming audit engagements
    Type: List
    Source table: Engagement [sn_audit_engagement]
    Description: Provides a list of open and upcoming audit engagements. The list also provides details of the engagement lead for each authority document, each engagement's planned start and end dates, high-priority issues, percentage of fieldwork that is completed, and the milestones in progress.

    Filters

    Risk criteria
    Type: Report
    Description: Depending on which risk criteria you select, the donut chart and list show the third parties or vendors that are in those risk areas.