Governance, Risk, and Compliance (GRC)

Governance, Risk, and Compliance (GRC) is the methodology created to manage the strict and complex regulatory and industry requirements across corporate environments. The ServiceNow® GRC suite contains four main applications: Policy and Compliance Management, Risk Management, Audit Management, and Vendor Risk Management.

Who uses GRC?

The complete GRC process involves all areas of your organization working together.

  • Board of directors
  • Audit committee
  • IT steering committee
  • Compliance officer
  • Risk officers (conduct risk assessments and identify everything that can go wrong in the business)
  • All levels of management (assist the risk officers with the identification of what can go wrong in their processes)
  • Auditors (an independent body, typically reporting to the board of directors)

GRC and the Now Platform

Because the GRC application is built on the Now Platform, data and evidence are provided back to GRC, giving you:
  • full access to all asset, configuration, and IT data within the instance
  • automatic evidence and data collection to see if controls are working
  • access to source data from real-time reporting
  • centralized access and management for all authoritative sources, policies, and controls
  • full workflow integration and business process support, integrating controls directly into your business processes
  • document management and a knowledge base that can be used to support Policy Management and control test instructions
  • secure integration to gather evidence and report on controls outside of the instance