Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

Manage compliance issues and remediation

Manage compliance issues and remediation

Issues can be created manually to document audit observations, remediations, or to accept any problems. They are automatically generated from indicator results, attestation results, or control test effectiveness.

Various types of issues are created under the following conditions:
Issue
Created when an indicator fails
Control issue
Created when a control attestation is completed indicating that the control is Not implemented
Control test issue
Created when a control test is closed complete with the control effectiveness set to Ineffective
Other issue
Created by the user manually

Remediating an issue marks an intention to fix the underlying issue causing the control failure or risk exposure. Accepting an issue marks an intention to create an exception for a known control failure or risk. Controls that are Accepted remain in a non-compliant state until the control is reassessed. In this way, the issue can be used to document observations during audits.

Create a GRC issue manually

Manually create issues to document audit observations, the intention of remediations, or to accept any problems.

Before you begin

Role required: (per product)
  • In GRC: compliance_admin, compliance_manager, or sn_compliance.user
  • In Risk Management: risk_admin, risk_manager, or sn_risk.user
  • In Audit Management: audit_admin, audit_manager, or audit_admin or sn_audit.user

Procedure

  1. Navigate to one of the following locations:
    • Policy and Compliance > Issues > Create New.
    • Risk > Issues > Create New.
    • Audit > Issues > Create New.
  2. Fill in the fields on the form, as appropriate.
    Table 1. Issue
    Field Description
    Number Read-only field that is automatically populated with a unique identification number.
    State
    • New
    • Analyze
    • Respond
    • Review
    • Closed
    Assignment group A group assigned to the issue.
    Assigned to The user assigned to the issue.
    Priority Priority for this issue:
    • 1 - Critical
    • 2 - High
    • 3 - Moderate
    • 4 - Low
    • 5 - Planning
    Short description Brief description of the issue.
    Details
    Profile The related profile.
    Item The related control or risk.
    Description A more detailed explanation of the issue.
    Recommendation The recommended action to resolve this issue.
    Dates
    Planned start date Date and time that work on the issue is expected to begin.
    Planned end date Date and time that work on the issue is expected to end.
    Planned duration Estimated amount of work time. Calculated using the Planned state date and Planned end date.
    Actual start date Time when work began on this issue
    Actual end date Time when work on this issue was completed.
    Actual duration Amount of work time. Calculated using the Actual state date and Actual end date.
    Activity
    Work notes Information about how to resolve the issue, or steps already taken to resolve it, if applicable. Work notes are visible to users who are assigned to the issue.
    Additional comments (Customer visible) Public information about the issue.
    Engagement
    Engagement The related engagement.
  3. Click Submit.

This site is scheduled for a small content update on Tuesday, December 18th, between the hours of 4:00pm and 8:00pm Pacific Time (Dec 19 00:00 – Dec 19 4:00 UTC). Access to this site may be slightly delayed during that time.