Governance, Risk, and Compliance (GRC)

This release contains three new GRC-related products: Policy and Compliance Management, Risk Management, and Audit Management. The legacy GRC (com.snc.governance) plugin has been deprecated. Instances upgraded from a previous release can continue using legacy GRC, but the plugin is not available for activation.

Figure 1. GRC products
  • Whenever any of the GRC plugins are activated, both the GRC: Profiles [com.sn_grc] plugin and the GRC: Common [com.sn.grc.common] plugins are automatically activated, providing core components and a common architecture for all GRC applications.
    Figure 2. GRC: Profiles base table architecture
  • Although Audit Management does not require the activation of the Policy and Compliance Management or Risk Management plugins, the functionality and features in the audit application are more robust if all three GRC plugins are activated.
  • All three GRC applications can be configured for mobile applications using the basic ServiceNow platform capabilities.
  • The UCF import functionality is not automatically turned on by activating Policy and Compliance Management The GRC: UCF Import plugin must be activated also.