Policy and Compliance:
The Policy and Compliance Management segment within ServiceNow delivers a procedure for defining and managing policies, standards, and internal procedures. These policies, standards and procedures are cross-mapped to external guidelines and best practices. Additionally, the product offers a structured workflow to identify, assess and continuously monitor control activities.
Policy and Compliance Management consolidates the following activities:
- Establishing controls and control owners
- Defining control tests and expected results
- Establishing test and control frequencies
- Identifying the risks: impact and likelihood
- Preparing attestations
- Mapping the authoritative sources to policies, procedures, controls, and risks
The ServiceNow Risk Management module offers a central method that helps organizations identify, assess, respond to, and continuously monitor the Enterprise and IT risks that may have a negative impact on business operations. The product also introduces a structured workflow for handling risk assessments, risk indicators and risk issues effectively.
Risk management resources work together to identify the following items:
- Determining the level of risk that the organization is willing to accept: collate the risk data and then determine what is tolerable.
- Developing a risk management policy via risk frameworks and statements.
- Developing risk assessment and response procedures.
- Implementing controls to reduce the organization’s risk exposure, and repeating this at regular intervals.
- Measuring risk exposure and improvements.
The Audit Management product in ServiceNow includes a set of activities associated with planning and executing audit engagements. The module also defines procedures for reporting findings to the audit committee and executive board. Timely reporting guarantees that the organizational strategy for risk and compliance management is effective.
The Audit Management module is used by auditors who conduct audits per the ISO 20000/ISO 27001/02 standards. Auditors are also responsible for the following activities:
- Reviewing policies and procedures
- Timely risk review
- Reviewing control design
- Reviewing control test design
- Reviewing control test results
- Defining test controls
- Providing issue observations
Vendor Risk Management:
The Vendor Risk Management module in the ServiceNow suite offers a consolidated solution to manage vendor portfolios, assess vendor risk and application tier, and complete the remediation life cycle.
Assessments conducted in the VRM module provide the information and proof that can be used to determine the risk associated with a third-party vendor. Assessments contain one or more questionnaires and one or more document requests for gathering the information.