Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

Manage compliance issues and remediation

Manage compliance issues and remediation

Issues can be created manually to document audit observations, remediations, or to accept any problems. They are automatically generated from indicator results, attestation results, or control test effectiveness.

Various types of issues are created under the following conditions:
Issue
Created when an indicator fails
Control issue
Created when a control attestation is completed indicating that the control is Not implemented
Control test issue
Created when a control test is closed complete with the control effectiveness set to Ineffective
Other issue
Created by the user manually

Remediating an issue marks an intention to fix the underlying issue causing the control failure or risk exposure. Accepting an issue marks an intention to create an exception for a known control failure or risk. Controls that are Accepted remain in a non-compliant state until the control is reassessed. In this way, the issue can be used to document observations during audits.

Create a GRC issue manually

Manually create issues to document audit observations, the intention of remediations, or to accept any problems.

Before you begin

Role required: (per product)
  • In GRC: compliance_admin, compliance_manager, or sn_compliance.user
  • In Risk Management: risk_admin, risk_manager, or sn_risk.user
  • In Audit Management: audit_admin, audit_manager, audit_admin, or sn_audit.user

Procedure

  1. Navigate to one of the following locations:
    • Policy and Compliance > Issues > Create New.
    • Risk > Issues > Create New.
    • Audit > Issues > Create New.
  2. Fill in the fields on the form, as appropriate.
    Table 1. Issue
    Field Description
    Number Read-only field that is automatically populated with a unique identification number.
    Assignment group The group to which this issue has been assigned. Each member will receive a notification when activity has occurred on this issue.
    Assigned to The member of the group assigned to resolve the issue.
    Configuration item The item associated with this issue.
    State
    • New
    • Analyze
    • Respond
    • Review
    • Closed
    Priority Priority for this issue:
    • 1 - Critical
    • 2 - High
    • 3 - Moderate
    • 4 - Low
    • 5 - Planning
    Issue group rule The group rule assigned to this issue.
    Parent Issue The parent issue this issue belongs to.
    Location The location where the issue occurred.
    Short description Brief description of the issue.
    Details
    Profile The related profile.
    Item The related control or risk.
    Content The content of the issue.
    Description A more detailed explanation of the issue.
    Recommendation The recommended action to resolve this issue.
    Dates
    Planned start date Date and time that work on the issue is expected to begin.
    Planned end date Date and time that work on the issue is expected to end.
    Planned duration Estimated amount of work time. Calculated using the Planned state date and Planned end date.
    Actual start date Time when work began on this issue.
    Actual end date Time when work on this issue was completed.
    Actual duration Amount of work time. Calculated using the Actual state date and Actual end date.
    Activity
    Work notes Information about how to resolve the issue, or steps already taken to resolve it, if applicable. Work notes are visible to users who are assigned to the issue.
    Additional comments (Customer visible) Public information about the issue.
    Engagement
    Engagement The related engagement.
  3. Click Submit.