Governance, Risk, and Compliance (GRC) Governance, Risk, and Compliance (GRC) is the methodology created to manage the strict and complex regulatory and industry requirements across corporate environments. The ServiceNow® GRC suite contains four main applications: Policy and Compliance Management, Risk Management, Audit Management, and Vendor Risk Management. Who uses GRC? The complete GRC process involves all areas of your organization working together. Board of directors Audit committee IT steering committee Compliance officer Risk officers (conduct risk assessment and identify all that can go wrong in business) All levels of management (assist the risk officers with the identification of what can go wrong in their processes) Audit committee Auditors (an independent body, typically reporting to the board of directors) GRC and the Now Platform Because the GRC application is built on the Now Platform, data and evidence is provided back to GRC allowing you: full access to all asset, configuration, and IT data within the instance automatic evidence and data collection to see if controls are working access to source data from real-time reporting centralized access and management for all authoritative sources, policies, and controls full work flow integration and business process support integrating controls directly into your business processes document management and knowledge base can be used to support Policy Management and control test instructions secure integration to gather evidence and report on controls outside of the instance Applications and integrations supporting GRC workflowThe following applications and integrations work together with other GRC applications or ServiceNow® applications to maximize your GRC workflow.GRC terminologyThe following terms are used within GRC applications.Policy and Compliance ManagementThe ServiceNow® Policy and Compliance Management product provides a centralized process for creating and managing policies, standards, and internal control procedures that are cross-mapped to external regulations and best practices. Additionally, the application provides structured workflows for the identification, assessment, and continuous monitoring of control activities.Risk ManagementThe ServiceNow® Risk Management application provides a centralized process to identify, assess, respond to, and continuously monitor Enterprise and IT risks that may negatively impact business operations. The application also provides structured workflows for the management of risk assessments, risk indicators, and risk issues. Audit ManagementThe ServiceNow® Audit Management application involves a set of activities related to planning audit engagements, executing engagements, and reporting findings to the audit committee and executive board. Engagement reporting assures key stakeholders that the organization's risk and compliance management strategy is effective.Vendor Risk ManagementThe Vendor Risk Management application provides a centralized process for managing your organization's vendor portfolio and completing the vendor assessment and remediation lifecycle. Governance, Risk, and Compliance (GRC) - LegacyThe ServiceNow® Governance, Risk, and Compliance (GRC) application enables an organization to document authority documents, policies, and risks and then design controls to enforce those documents and mitigate risk. Organizations can schedule and run control tests and/or conduct audits to gather compliance evidence and identify failures that require remediation.