The ServiceNow® Policy and Compliance Management application provides a centralized process for creating and managing policies, standards, and internal control procedures cross-mapped to external regulations. Additionally, the application provides structured workflows for identifying, assessing, and continuously monitoring control activities.
The Policy and Compliance Management application includes the following features:
- Scope entities and entity types
- Manage a compliance library consisting of authority documents, citations, policies, and control objectives.
- Manage policies, procedures, and standards using a policy authoring workflow integrated with Microsoft® Office 365® for drafting, reviewing, approving, redlining, and publishing policies.
- Create a unique control for a control objective and entity, or create multiple, granular controls for the same control objective and entity.
- Respond to control attestations from the Employee Center.
- Request policy exceptions from the Employee Center or request an exception from other ServiceNow applications, such as Vulnerability Response, using the Policy Exception Integration Registry.
- Acknowledge policies from the Employee Center.
- Monitor controls continuously using indicator templates and indicators.
- View compliance posture through reports and dashboards.
- Review the compliance posture of policies or checks from other ServiceNow applications by mapping them to control objectives using the Compliance data source registry.
- Manage issues and remediation tasks.
- Mark issues, remediation tasks, evidence requests, and evidence request tasks as confidential.
- Provide visibility of issues and remediation tasks to the management hierarchy.
New:
- Policy exception extension approval using GRC Approval Configurator.
- Policy exception approval using GRC Approval Configurator.
- Feature roles supported on Policy and Compliance Management tables.
- Automated application of entity-based access on newly created objects for tables where entity-based access is already enabled (available from the Yokohama platform onwards).
Changed:
- Updated control attestation to support the replacement of multi-select field 'Assessment template categories' with a single select field 'Purpose' on Smart Assessment templates.
Fixed:
- Updated the reference qualifier for the Approver field on the Policy table to accommodate lite operators during the approval process.
- Resolved cross-scope issues in the functional domain scheduled job.
- Fixed issue where the GRC Business User Lite role was unable to open the request extension popup.
- Fixed localization issues.
- Resolved issue where Compliance Manager, GRC Business User, and GRC Business User Lite roles could not update the Description field on a Policy Exception.
- Fixed Query Range ACL error on the Control Objective overview page.
- Fixed accessibility issues.
- Resolved issue where control records were not properly updated when a Smart Assessment Control Attestation was cancelled.
- Fixed validation issue with the “Valid to” field on the Policy form.
- Resolved issue where users were unable to “Return to Draft” controls in the Monitor state if they lacked access to all entities.
- Corrected the activity log to show the last approver’s name in the “Approved by” comment instead of the first approver for a policy record.
- Fixed issue in GRC where the “Group Issue By” functionality did not create new parent issues or reactivate previously deactivated ones.
- Resolved issue where the Request Approval button for Policy Exceptions in the New state was unresponsive for GRC Business User Lite.
- Fixed KB link issue in Policy Acknowledgement through Employee Center where the KB could not be found despite being published.
- Resolved error message “invalid value on the update” when rejecting a policy exception.
- Fixed issue where indicators of type “Basic” did not function as expected when domain separation was enabled.
- Corrected default value application for the Sample Size column on the Indicator table.
The following applications are automatically installed when the Policy and Compliance Management application is activated:
- GRC: Profiles
- GRC: Approver Configurator
- GRC: Taxonomy Management
Permissions and roles:
- Role required to install the app: System Administrator (admin)
When you upgrade the Policy and Compliance Management application, ensure that you also upgrade the Compliance Management Workspace and any other installed GRC applications to the corresponding release version. For example, Policy and Compliance Management version 21.x is certified to work with Compliance Management Workspace version 21.x and other GRC applications of the same 21.x release series.