0
21.0.3
Zurich, Yokohama Patch 6, Yokohama, Xanadu Patch 9, Xanadu, Washington DC Patch 5, Washington DC Patch 3, Washington DC, Vancouver Patch 9
The ServiceNow® Policy and Compliance Management application provides a centralized process for creating and managing policies, standards, and internal control procedures that are mapped to external regulations. Additionally, the application provides structured workflows for identifying, assessing, and continuously monitoring control activities.
The Policy and Compliance Management application includes the following features:
- Scope entities and entity types.
- Manage a compliance library consisting of authority documents, citations, policies, and control objectives.
- Manage policies, procedures, and standards using a policy authoring workflow integrated with Microsoft® Office 365® for drafting, reviewing, approving, redlining, and publishing policies.
- Create a unique control for a control objective and entity, or create multiple and granular controls for the same control objective and entity.
- Respond to control attestations from the Employee Center.
- Request policy exceptions from the Employee Center or request an exception from other ServiceNow applications, such as Vulnerability Response, using the Policy Exception Integration Registry.
- Acknowledge policies from the Employee Center.
- Monitor controls continuously using indicator templates and indicators.
- View the compliance posture through reports and dashboards.
- Review the compliance posture of policies or checks from other ServiceNow applications by mapping them to control objectives using the Compliance data source registry.
- Manage issues and remediation tasks.
- Mark issues, remediation tasks, evidence requests, and evidence request tasks as confidential.
- Provide visibility of issues and remediation tasks to the management hierarchy.
- New
- Indexed source support has been added for Controls.
- Indexed source support has been added for Controls.
- Fixed
The following issues have been resolved:
-
- Policy exception approvals were being approved even when the required risk rating was missing.
- GRC Employee users were unable to accept assigned policy acknowledgements in the UI16 interface.
- On Washington and earlier glide version instances, both workflow and Flow Designer flows were being triggered for policy exceptions.
The following applications are automatically installed when the Policy and Compliance Management application is activated:
- GRC: Profiles
- GRC: Approval Configurator
- GRC: Taxonomy Management
Permissions and roles:
- To install the application, you require the System Administrator (admin) role.
When upgrading the Policy and Compliance Management application, ensure that you also upgrade the Compliance Management Workspace and any other installed GRC applications to their corresponding release versions. For example, Policy and Compliance Management version 21.x has been qualified to work with Compliance Management Workspace version 21.x and other GRC applications from the same 21.x release series.