The ServiceNow® Policy and Compliance Management application provides a centralized process for creating and managing policies, standards, and internal control procedures cross-mapped to external regulations. Additionally, the application provides structured workflows for identifying, assessing, and continuously monitoring control activities.
The Policy and Compliance Management application includes the following features:
- Scope entities and entity types
- Manage a compliance library comprising authority documents, citations, policies, and control objectives
- Manage policies, procedures, and standards using a policy authoring workflow integrated with Microsoft® Office 365® for drafting, reviewing, approving, redlining, and publishing policies
- Create and manage controls: Create a unique control for a control objective and entity, or create multiple, granular controls for the same control objective and entity
- Respond to control attestations from the Employee Center
- Manage policy exceptions: Request policy exceptions from the Employee Center or request an exception from other ServiceNow applications, like Vulnerability Response, using the Policy Exception Integration Registry
- Acknowledge policies from the Employee Center
- Monitor controls continuously using indicator templates and indicators
- View compliance posture through reports and dashboards
- Review the compliance posture of policies or checks from other ServiceNow applications by mapping them to control objectives using the Compliance data source registry
- Manage issues and remediation tasks
- Mark issues, remediation tasks, evidence requests, and evidence request tasks as confidential
- Provide visibility of issues and remediation tasks to the management hierarchy
- New
  - Entity-based access enabled for Controls, Attestations, and Policy exception to control (Yokohama Patch 2+)
- Changed
  - Security attributes introduced to replace scripts in applicable ACLs
  - Supporting changes for the Knowledge Management workflow-to-flow migration on the Governance, Risk, and Compliance knowledge base and on the publish and retire flows for a policy's KB article
- Fixed
  - Policy record gets stuck in an irrecoverable "Awaiting approval" state when the last approval is granted at or after the first acknowledgment date
  - Policy Exception records are closing automatically before the "valid to" date
  - Smart Attestations are not generating for controls
  - Accessibility and reflow issues on Authority Document and Citations Overview and Sidebar
  - ACL bypass via the 'Request Extension' Service Portal Widget
  - Policy review flow to be run as Compliance Admin instead of System
  - Missing report view ACLs for tables
  - ACL bypass via the "questionnaire_view" UI Macro
  - Non-admin users are unable to publish the policy because the 'Request Approval' button is not functioning
  - The "valid to" date field is showing the wrong message on the Policy form
  - On clicking the Import Policy Text UI action, images do not render and there are misalignments (Xanadu Patch 7, Yokohama Patch 1)
  - The details field is missing in the Attestation designer after the Xanadu upgrade (Xanadu Patch 8, Yokohama Patch 2)
  - Re-publishing the Policy is showing an empty "Revised by" in Policy and Compliance (Xanadu Patch 7, Yokohama Patch 1)
- Removed
  - The shipped sys_db_object payload files that were overwriting customizations on the sn_compliance_control sys_db_object entry
The following applications are automatically installed when the Policy and Compliance Management application is activated:
- GRC: Profiles
- GRC: Approver Configurator
- GRC: Taxonomy Management
Permissions and roles:
- Role required to install the app: System admin (admin)
When you upgrade the Policy and Compliance Management application, be sure to also upgrade the Compliance Management Workspace and any other installed GRC applications to the equivalent release version. For example, Policy and Compliance Management version 20.x is certified to work with Compliance Management Workspace version 20.x and other versions of 20.x GRC applications.