Contents Governance, Risk, and Compliance (GRC) Previous Topic Next Topic Governance, Risk, and Compliance (GRC) ... SAVE AS PDF Selected Topic Topic & Subtopics All Topics in Contents Other Share Governance, Risk, and Compliance (GRC) Governance, Risk, and Compliance (GRC) is the methodology created to manage the strict and complex regulatory and industry requirements across corporate environments. The ServiceNow® GRC suite contains four main applications: Policy and Compliance Management, Risk Management, Audit Management, and Vendor Risk Management. Who uses GRC? The complete GRC process involves all areas of your organization working together. Board of directors Audit committee IT steering committee Compliance officer Risk officers (conduct risk assessment and identify all that can go wrong in business) All levels of management (assist the risk officers with the identification of what can go wrong in their processes) Audit committee Auditors (an independent body, typically reporting to the board of directors) GRC and the Now Platform Because the GRC application is built on the Now Platform, data and evidence is provided back to GRC allowing you: full access to all asset, configuration, and IT data within the instance automatic evidence and data collection to see if controls are working access to source data from real-time reporting centralized access and management for all authoritative sources, policies, and controls full work flow integration and business process support integrating controls directly into your business processes document management and knowledge base can be used to support Policy Management and control test instructions secure integration to gather evidence and report on controls outside of the instance Applications and integrations supporting GRC workflowThe following applications and integrations work together with other GRC applications or ServiceNow® applications to maximize your GRC workflow.GRC terminologyThe following terms are used within GRC applications.Domain separation in Governance, Risk, and Compliance (GRC)This is an overview of domain separation and Governance, Risk, and Compliance. Domain separation enables you to separate data, processes, and administrative tasks into logical groupings called domains. You can then control several aspects of this separation, including which users can see and access data.Policy and Compliance ManagementThe ServiceNow® Policy and Compliance Management product provides a centralized process for creating and managing policies, standards, and internal control procedures that are cross-mapped to external regulations and best practices. Additionally, the application provides structured workflows for the identification, assessment, and continuous monitoring of control activities.Risk ManagementThe ServiceNow® Risk Management application provides a centralized process to identify, assess, respond to, and continuously monitor Enterprise and IT risks that may negatively impact business operations. The application also provides structured workflows for the management of risk assessments, risk indicators, and risk issues. Audit ManagementThe ServiceNow® Audit Management application involves a set of activities related to planning audit engagements, executing engagements, and reporting findings to the audit committee and executive board. Engagement reporting assures key stakeholders that the organization's risk and compliance management strategy is effective.Vendor Risk ManagementThe Vendor Risk Management application provides a centralized process for managing your vendor portfolio, assessing vendor risk and tiering, and for completing the remediation life cycle. On this page Send Feedback Previous Topic Next Topic
Governance, Risk, and Compliance (GRC) Governance, Risk, and Compliance (GRC) is the methodology created to manage the strict and complex regulatory and industry requirements across corporate environments. The ServiceNow® GRC suite contains four main applications: Policy and Compliance Management, Risk Management, Audit Management, and Vendor Risk Management. Who uses GRC? The complete GRC process involves all areas of your organization working together. Board of directors Audit committee IT steering committee Compliance officer Risk officers (conduct risk assessment and identify all that can go wrong in business) All levels of management (assist the risk officers with the identification of what can go wrong in their processes) Audit committee Auditors (an independent body, typically reporting to the board of directors) GRC and the Now Platform Because the GRC application is built on the Now Platform, data and evidence is provided back to GRC allowing you: full access to all asset, configuration, and IT data within the instance automatic evidence and data collection to see if controls are working access to source data from real-time reporting centralized access and management for all authoritative sources, policies, and controls full work flow integration and business process support integrating controls directly into your business processes document management and knowledge base can be used to support Policy Management and control test instructions secure integration to gather evidence and report on controls outside of the instance Applications and integrations supporting GRC workflowThe following applications and integrations work together with other GRC applications or ServiceNow® applications to maximize your GRC workflow.GRC terminologyThe following terms are used within GRC applications.Domain separation in Governance, Risk, and Compliance (GRC)This is an overview of domain separation and Governance, Risk, and Compliance. Domain separation enables you to separate data, processes, and administrative tasks into logical groupings called domains. You can then control several aspects of this separation, including which users can see and access data.Policy and Compliance ManagementThe ServiceNow® Policy and Compliance Management product provides a centralized process for creating and managing policies, standards, and internal control procedures that are cross-mapped to external regulations and best practices. Additionally, the application provides structured workflows for the identification, assessment, and continuous monitoring of control activities.Risk ManagementThe ServiceNow® Risk Management application provides a centralized process to identify, assess, respond to, and continuously monitor Enterprise and IT risks that may negatively impact business operations. The application also provides structured workflows for the management of risk assessments, risk indicators, and risk issues. Audit ManagementThe ServiceNow® Audit Management application involves a set of activities related to planning audit engagements, executing engagements, and reporting findings to the audit committee and executive board. Engagement reporting assures key stakeholders that the organization's risk and compliance management strategy is effective.Vendor Risk ManagementThe Vendor Risk Management application provides a centralized process for managing your vendor portfolio, assessing vendor risk and tiering, and for completing the remediation life cycle.
Governance, Risk, and Compliance (GRC) Governance, Risk, and Compliance (GRC) is the methodology created to manage the strict and complex regulatory and industry requirements across corporate environments. The ServiceNow® GRC suite contains four main applications: Policy and Compliance Management, Risk Management, Audit Management, and Vendor Risk Management. Who uses GRC? The complete GRC process involves all areas of your organization working together. Board of directors Audit committee IT steering committee Compliance officer Risk officers (conduct risk assessment and identify all that can go wrong in business) All levels of management (assist the risk officers with the identification of what can go wrong in their processes) Audit committee Auditors (an independent body, typically reporting to the board of directors) GRC and the Now Platform Because the GRC application is built on the Now Platform, data and evidence is provided back to GRC allowing you: full access to all asset, configuration, and IT data within the instance automatic evidence and data collection to see if controls are working access to source data from real-time reporting centralized access and management for all authoritative sources, policies, and controls full work flow integration and business process support integrating controls directly into your business processes document management and knowledge base can be used to support Policy Management and control test instructions secure integration to gather evidence and report on controls outside of the instance Applications and integrations supporting GRC workflowThe following applications and integrations work together with other GRC applications or ServiceNow® applications to maximize your GRC workflow.GRC terminologyThe following terms are used within GRC applications.Domain separation in Governance, Risk, and Compliance (GRC)This is an overview of domain separation and Governance, Risk, and Compliance. Domain separation enables you to separate data, processes, and administrative tasks into logical groupings called domains. You can then control several aspects of this separation, including which users can see and access data.Policy and Compliance ManagementThe ServiceNow® Policy and Compliance Management product provides a centralized process for creating and managing policies, standards, and internal control procedures that are cross-mapped to external regulations and best practices. Additionally, the application provides structured workflows for the identification, assessment, and continuous monitoring of control activities.Risk ManagementThe ServiceNow® Risk Management application provides a centralized process to identify, assess, respond to, and continuously monitor Enterprise and IT risks that may negatively impact business operations. The application also provides structured workflows for the management of risk assessments, risk indicators, and risk issues. Audit ManagementThe ServiceNow® Audit Management application involves a set of activities related to planning audit engagements, executing engagements, and reporting findings to the audit committee and executive board. Engagement reporting assures key stakeholders that the organization's risk and compliance management strategy is effective.Vendor Risk ManagementThe Vendor Risk Management application provides a centralized process for managing your vendor portfolio, assessing vendor risk and tiering, and for completing the remediation life cycle.
