Product documentation Docs
    • English
    • Deutsch
    • 日本語
    • 한국어
    • Français
  • More Sites
    • Now Community
    • Developer Site
    • Knowledge Base
    • Product Information
    • ServiceNow.com
    • Training
    • Customer Success Center
    • ServiceNow Support Videos
  • Log in

Product documentation

  • Home
How search works:
  • Punctuation and capital letters are ignored
  • Special characters like underscores (_) are removed
  • Known synonyms are applied
  • The most relevant topics (based on weighting and matching to search terms) are listed first in search results
Topics are ranked in search results by how closely they match your search terms
  • A match on the entire phrase you typed
  • A match on part of the phrase you typed
  • A match on ALL of the terms in the phrase you typed
  • A match on ANY of the terms in the phrase you typed

Note: Matches in titles are always highly ranked.

  • Release version
    Table of Contents
    • Governance, Risk, and Compliance
Table of Contents
Choose your release version
    Home New York Governance, Risk, and Compliance Governance, Risk, and Compliance Common GRC features Entity scoping in GRC

    Entity scoping in GRC

    • Save as PDF Selected topic Topic & subtopics All topics in contents
    • Unsubscribe Log in to subscribe to topics and get notified when content changes.
    • Share this page

    Entity scoping in GRC

    Entity scoping is permitted in each of the core GRC applications. Scoping provides a way to allocate risks and controls at different levels. Dependencies are created using the dependency map in the GRC Workbench.

    What is entity scoping?

    Note: Starting with the New York release, the term profile was replaced with the term entity. See GRC application nomenclature updates and industry terminology for more information about all updated GRC application terms.

    Organizations have various control owners maintaining individual files and spreadsheets for tracking the compliance of different systems, projects, organizations, etc. In this environment, risk managers cannot prevent or even be aware of the duplicate risks and controls created on shared entities. The entire purpose of entity scoping is to provide a top-down approach for maintaining your risk universe, which is the hierarchical library of both risks and controls. Mature organizations with a healthy risk posture find that most risks are standard and recurring. Entity scoping helps you catalog and visualize upstream and downstream risks and controls based on the roll up of the related entities.

    Figure 1. From an organic approach to a structured system
    Legacy bottom-up approach to improved top-down system
    1. Create or edit Entity Types and map them using the Entity Filter to existing ServiceNow® tables.
    2. Map these entity types to external regulations and internal policies using control objectives and risk statements.
    3. Generate risk and control instances on related entities.
    4. Maintain your risk appetite and scoring results by the aggregated calculation for entities; all combos for risk scores on risk roll up.
    Figure 2. Scoping process
    image shows scoping process with old and new terms
    • Generate risks and controls from entity types

      Create and edit entity types and map them to existing ServiceNow® tables for which you must track compliance (applications, departments, regions, processes, systems, etc.). Entities are assigned to control objectives and risk statements, which generate controls and risks for every entity type.

    • Create independent entities

      Entities can be created manually, rather than generating them from the entity types. Entities can also be created without needing to refer to an existing ServiceNow® table, like assets, applications, business services, or processes.

    • Relate entities to each other

      Create relationships between entities to understand how controls and risks affect each other and how they affect the enterprise.

    Related concepts
    • GRC and the ServiceNow Store
    • Mobile experience for Governance, Risk, and Compliance
    • Content references in GRC
    • Domain separation in GRC
    • Advanced Governance, Risk, and Compliance Application Risk dashboard
    Related reference
    • GRC application nomenclature updates and industry terminology
    • GRC content packs
    • GRC integrations
    • GRC use case accelerators

    Tags:

    Feedback
    On this page

    Previous topic

    Next topic

    • Contact Us
    • Careers
    • Terms of Use
    • Privacy Statement
    • Sitemap
    • © ServiceNow. All rights reserved.

    Release version
    Choose your release version

      Entity scoping in GRC

      • Save as PDF Selected topic Topic & subtopics All topics in contents
      • Unsubscribe Log in to subscribe to topics and get notified when content changes.
      • Share this page

      Entity scoping in GRC

      Entity scoping is permitted in each of the core GRC applications. Scoping provides a way to allocate risks and controls at different levels. Dependencies are created using the dependency map in the GRC Workbench.

      What is entity scoping?

      Note: Starting with the New York release, the term profile was replaced with the term entity. See GRC application nomenclature updates and industry terminology for more information about all updated GRC application terms.

      Organizations have various control owners maintaining individual files and spreadsheets for tracking the compliance of different systems, projects, organizations, etc. In this environment, risk managers cannot prevent or even be aware of the duplicate risks and controls created on shared entities. The entire purpose of entity scoping is to provide a top-down approach for maintaining your risk universe, which is the hierarchical library of both risks and controls. Mature organizations with a healthy risk posture find that most risks are standard and recurring. Entity scoping helps you catalog and visualize upstream and downstream risks and controls based on the roll up of the related entities.

      Figure 1. From an organic approach to a structured system
      Legacy bottom-up approach to improved top-down system
      1. Create or edit Entity Types and map them using the Entity Filter to existing ServiceNow® tables.
      2. Map these entity types to external regulations and internal policies using control objectives and risk statements.
      3. Generate risk and control instances on related entities.
      4. Maintain your risk appetite and scoring results by the aggregated calculation for entities; all combos for risk scores on risk roll up.
      Figure 2. Scoping process
      image shows scoping process with old and new terms
      • Generate risks and controls from entity types

        Create and edit entity types and map them to existing ServiceNow® tables for which you must track compliance (applications, departments, regions, processes, systems, etc.). Entities are assigned to control objectives and risk statements, which generate controls and risks for every entity type.

      • Create independent entities

        Entities can be created manually, rather than generating them from the entity types. Entities can also be created without needing to refer to an existing ServiceNow® table, like assets, applications, business services, or processes.

      • Relate entities to each other

        Create relationships between entities to understand how controls and risks affect each other and how they affect the enterprise.

      Related concepts
      • GRC and the ServiceNow Store
      • Mobile experience for Governance, Risk, and Compliance
      • Content references in GRC
      • Domain separation in GRC
      • Advanced Governance, Risk, and Compliance Application Risk dashboard
      Related reference
      • GRC application nomenclature updates and industry terminology
      • GRC content packs
      • GRC integrations
      • GRC use case accelerators

      Tags:

      Feedback

          Share this page

          Got it! Feel free to add a comment
          To share your product suggestions, visit the Idea Portal.
          Please let us know how to improve this content

          Check any that apply

          To share your product suggestions, visit the Idea Portal.
          Confirm

          We were unable to find "Coaching" in Jakarta. Would you like to search instead?

          No Yes
          • Contact Us
          • Careers
          • Terms of Use
          • Privacy Statement
          • Sitemap
          • © ServiceNow. All rights reserved.

          Subscribe Subscribed Unsubscribe Last updated: Tags: January February March April May June July August September October November December No Results Found Versions Search preferences successfully updated My release version successfully updated My release version successfully deleted An error has occurred. Please try again later. You have been unsubscribed from all topics. You are now subscribed to and will receive notifications if any changes are made to this page. You have been unsubscribed from this content Thank you for your feedback. Form temporarily unavailable. Please try again or contact  docfeedback@servicenow.com  to submit your comments. The topic you requested does not exist in the release. You were redirected to a related topic instead. The available release versions for this topic are listed There is no specific version for this documentation. Explore products Click to go to the page. Release notes and upgrades Click to open the dropdown menu. Delete Remove No selected version Reset This field is required You are already subscribed to this topic Attach screenshot The file you uploaded exceeds the allowed file size of 20MB. Please try again with a smaller file. Please complete the reCAPTCHA step to attach a screenshot
          Log in to personalize your search results and subscribe to topics
          No, thanks Login