Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • Madrid
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

Review the policy exception request

Log in to subscribe to topics and get notified when content changes.

Review the policy exception request

After reviewing a policy exception request, a compliance manager can accept or reject the request. However, if the compliance manager does not have enough information to make a decision, they can request a risk assessment by the risk manager.

Before you begin

Role required: compliance manager

Procedure

  1. Navigate to Policy and Compliance > My Policy Exceptions.
  2. Select the policy exception.
  3. Review the following fields:
    Table 1. Policy exception request Business Impact Analysis tab
    Field Value
    Risk description Enter a description of the risk.
    Residual likelihood If it is not None, select the likelihood of this risk occurring:
    • 5 - Extremely Likely
    • 4 - Likely
    • 3 - Neutral
    • 2 - Unlikely
    • 1 - Extremely Unlikely
    Residual impact If it is not None, select the residual impact of this risk:
    • 5 - Very High
    • 4 - High
    • 3 - Moderate
    • 2 - Low
    • 1 - Very Low
    Residual score This value is calculated after you select a residual likelihood and residual impact rating:
    • 5 - Very High
    • 4 - High
    • 3 - Moderate
    • 2 - Low
    • 1 - Very Low
  4. Perform one of the following actions:
    OptionAction
    To view or add impacted controls to the policy exception
    1. Click the Impacted Controls tab.
    2. Click Add or Add All.
    3. Choose the controls to associate to the policy exception.
    To view mitigating controls on the policy exception
    • Click the Mitigating Controls tab.
    To view or add risks to the policy exception
    • Click the Risks tab.
    Note: This option is available when Governance, Risk, and Compliance is also activated.
    To view or add approvers to the policy exception
    • Click the Approvers tab.
  5. Perform one of the following actions:
    OptionAction
    To approve the policy exception
    • Click Approve.

    An email notification is sent to the requester that the PER was approved and goes into effect.

    To reject the policy exception
    • Click Reject.

    An email notification is sent to the requester that the PER was rejected and the request is closed.

    To request a risk assessment on the policy exception
    • Click Request Risk Assessment.

    An email notification is sent to the risk managers group.

    Note: This option is available when Risk Management is also activated.
    To request business owner approval
    • Click Request Business Owner Approval.

    An email notification is sent to the business owner.

Feedback