Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

Security Incident Policy Violation flow template

Security Incident Policy Violation flow template

The Security Incident - Policy Violation - Template allows you to perform a series of tasks designed to handle security policy violations.

Before you begin

Role required: sn_si.write

About this task

This flow is triggered when the Category in a security incident is set to Policy violation.

Procedure

  1. Open the security incident for the policy violation, or create a new security incident.
  2. In Category, select Policy violation.
  3. Save the record.
  4. Scroll down and open the Response Tasks related list.
    The first of a series of response tasks appears. Each time the record is saved, your response to the previous task either causes the next response task to be created or the flow to end.
    Table 1. Response tasks in Policy Violation Template
    Response task Action Results
    Classify violation Classify how this infraction violates your organization's security policies.

    Update the State field in the task after you have completed it.

    The Advise violator of infraction response task is executed.
    Advise violator of infraction Communicate the nature of the infraction to the violator.

    Update the State field in the task after you have communicated it.

    The Obtain acknowledgement from violator response task is executed.
    Obtain acknowledgement from violator Obtain an acknowledgement from the violator of the infraction.

    Update the State field in the task as appropriate.

    The HR process response task is executed.
    HR process Communicate all necessary information about this violation to HR.

    Update the State field in the task as appropriate.

    The Set state to review response task is executed.
    Set state to review No action is necessary. The State of the security incident is changed automatically to Review.
    Schedule security awareness training Conduct a security awareness training to educate staff on how to prevent similar security violations in the future.

    Update the State field in the task as appropriate.

    If you change the state of the task to Closed Complete or Cancelled, the flow ends.