ServiceNow GRC provides a strong framework that offers a wide range of practices to manage compliance activities. ServiceNow integrates with the Unified Compliance Framework through the authentication process and transforms into a central repository for all authority documents, which are part of SOX or PCI regulations. Let us understand how ServiceNow GRC improves efficient management of SOX activities.
The legacy SOX compliance activities were time-consuming, inefficient and there was always a risk occurrence factor. In order to ease this process for businesses, ServiceNow offers support to Sarbanes-Oxley (SOX) Content Pack as a part of ServiceNow GRC module. The ServiceNow GRC helps the entire SOX process with the following key capabilities:
The ServiceNow SOX dashboard displays multiple SOX reports in a single window. The dashboard differs based on the user roles of the logged user. The SOX main dashboards are:
The compliance overview dashboard provides an overview of SOX policies, controls, and effects on the entities related to SOX processes. The default reports added to this dashboard are:
The attestation overview dashboard provides an overview of all attestations related to SOX control and facilitates monitoring the status of attestations. The default reports added to this dashboard are:
This provides an overview of issues related to the SOX controls. By default, it will show the count of issues that are pending for the past 90 days, 90-30 days, last 30 days, and issues that have been due in the next 30days. It also shows the number of accepted control issues, issues by state, and issues that are backlogged by the owner. We can group the reports based on control, risk control objective, risk statement document, state, entity, and to whom it is assigned.
There is also an Advanced GRC dashboard (as Application Risk and Compliance Overview Dashboard). The advance dashboard provides more detailed reports on compliance, policy exceptions, and issues overview. All dashboard reports can be filtered using a business application filter.
This tab shows reports on total controls, compliant controls, non-compliant control, compliance status by month, compliance percentage, and an application compliance summary. We can apply a single filter or combination of two or more filter conditions of business criticality, control owning group, entity owner, enforcement, key control, and control state to generate the compliance overview report.
The risk-related dashboard will be displayed only if the advanced risk plugin is activated. Once the plugin is activated risk overview, risk posture, and audit overview dashboards will be displayed. Risk overview dashboards will display the heatmap by application criticality, risk response task overview, application risk summary, and application risk-mitigating controls status.
The policy exceptions overview tab will be displayed upon policy and compliance plugin activation. The policy exception overview tab provides information on new, approved, rejected, expired, and awaiting approval exceptions. It also shows the expiration and exceptions of the upcoming exceptions that are approved from the request raised.
This will provide information about various compliance and risk-related issues of various business applications. It shows the overall open, critical priority, high priority, accepted, and past issues. It also shows the trends in issues creation, issues closed, remediation task creation, and remediation task closure.
G. Nagasai works as a ServiceNow Developer at V-Soft Labs and she has overall 3 years of IT experience. She is certified as a ServiceNow Administrator. She has thorough knowledge in IT Service Management (ITSM) and Service Portal implementations aspects. Apart from this is well versed with JavaScript and Oracle too.