Governance, Risk, and Compliance (GRC) This release contains three new GRC-related products: Policy and Compliance Management, Risk Management, and Audit Management. The legacy GRC (com.snc.governance) plugin has been deprecated. Instances upgraded from a previous release can continue using legacy GRC, but the plugin is not available for activation. Figure 1. GRC products Whenever any of the GRC plugins are activated, both the GRC: Profiles [com.sn_grc] plugin and the GRC: Common [com.sn.grc.common] plugins are automatically activated, providing core components and a common architecture for all GRC applications. Figure 2. GRC: Profiles base table architecture Although Audit Management does not require the activation of the Policy and Compliance Management or Risk Management plugins, the functionality and features in the audit application are more robust if all three GRC plugins are activated. All three GRC applications can be configured for mobile applications using the basic ServiceNow platform capabilities. The UCF import functionality is not automatically turned on by activating Policy and Compliance Management The GRC: UCF Import plugin must be activated also. Activate GRC: Policy and Compliance ManagementThe GRC: Policy and Compliance Management (com.sn_compliance) plugin is available as a separate subscription.Activate GRC: Risk ManagementThe GRC: Risk Management (com.sn_risk) plugin is available as a separate subscription.Activate GRC: Audit ManagementThe GRC: Audit Management (com.sn_audit) plugin is available as a separate subscription.Legacy migrationCustomers currently using Legacy GRC [com.snc.governance] or Legacy Risk [com.sn_risk] are not required to activate and migrate to the new functionality, but recommended.Policy and Compliance ManagementThe ServiceNow® GRC: Policy and Compliance Management application provides processes for creating and managing policies, standards, and internal control procedures that are cross-mapped to external regulations and best practices.Risk ManagementThe ServiceNow® GRC: Risk Management application has been rearchitected to improve the continuous monitoring of and response to risks that can negatively impact business operations. Risk Management also provides structured workflows for the management of risk assessments, risk indicators, and risk issues.Audit ManagementThe ServiceNow® GRC: Audit Management application provides a centralized process for internal audit teams to automate the complete audit life cycle. Project driven audits allow auditors to quickly scope engagements, conduct fieldwork, collect control evidence, and track audit observations.Governance, Risk, and Compliance (GRC) - LegacyThe ServiceNow® Governance, Risk, and Compliance (GRC) application enables an organization to document authority documents, policies, and risks and then design controls to enforce those documents and mitigate risk. Organizations can schedule and run control tests and/or conduct audits to gather compliance evidence and identify failures that require remediation. Risk Management overview - LegacyRisk ,management enables an organization to quickly identify and quantify the impact that loss events affecting various business processes and items (such as facilities, business services, and vendors) pose to the organization. A risk is a definition of the possible consequence of failing to comply with a policy.