ServiceNow®
Governance, Risk, and Compliance product enhancements and updates in the Orlando release.
Orlando upgrade information
If you are upgrading Governance, Risk, and Compliance products, the initial
Orlando versions are available immediately in your instance. Going
forward, all updates to GRC products are only available in the ServiceNow Store.
If you have previously installed GRC products
and want an update from the ServiceNow Store, you do not need to activate the
Dependencies plugins for GRC products before you install the product
updates.
When you download and install GRC products
from the ServiceNow Store, dependency plugins are automatically activated. For
example, when you activate the Policy and Compliance Management product, the Policy and Compliance Management Dependencies plugin is automatically activated.
If you have previously installed the GRC: Vendor Risk Management and GRC: SIG
Questionnaire applications, and want to upgrade them to the Orlando
release, be sure to update GRC: SIG Questionnaire first, as it will
update all applications that use SIG, including GRC: Vendor Risk Management. If you update GRC: Vendor Risk Management first, be sure to manually update GRC:
SIG Questionnaire after the GRC: Vendor Risk Management update
is complete.
New in the Orlando
release
- Cybersecurity Controls
Accelerator
- Version 11.0.3: Easily enhance your overall security preparedness and cyber-defense
posture using the Cybersecurity Controls Accelerator. The accelerator contains the CIS
Controls authority document, associated citations, and control objectives. When used
with the Technology Controls Monitoring Accelerator, you can take advantage of
pre-defined indicator templates mapped to the CIS Controls for automated control
validation and continuous monitoring.
- GRC Business User
role
- GRC: Profiles Version 11.0.3: To improve the internal security of the product, a
dedicated GRC Business User role was created for users who require access only to GRC
applications in the context of performing tasks assigned to them. Users with the GRC
Business User role are provided limited access to data and to information relevant to
the tasks assigned to them.
- Technology Controls Monitoring
Accelerator
- Version 11.0.1: Monitor your technology controls, such as CIS controls using
pre-defined manual and automated indicators.
- Advanced Governance, Risk, and
Compliance Application Risk dashboard
- Version 10.1.3: Use this integrated application dashboard to view the most recent
risk and compliance aspects around the business applications that you use in your
enterprise. The dashboard, available from ServiceNow® Audit
Management, Policy and Compliance Management, and Risk Management, highlights the
compliance impact and risk posture of your applications, the current state of
remediation and exception activities, and audit activity.
- Predict issue owner using GRC
Predictive Intelligence
- Version 10.1: Activate the GRC Predictive Intelligence plugin
(com.sn_grc_pred_intel) to automatically route issues to the correct assignee. Use
this plugin to save time when identifying an issue owner. The identification is based
on historical data analysis and artificial learning.
- Operational Risk Management
Dashboard
- Version 10.1: View the complete risk posture for an enterprise using the Operational
Risk Management dashboard. This dashboard enables an entity owner to view the complete
risk posture in a single, consolidated report. This dashboard enables you to analyze
the risk posture efficiently and take the necessary corrective actions to preemptively
manage risk. This dashboard generates real-time risk reports and also shows the past
performance data and future forecast. Risk administrators can personalize this
dashboard by adding and removing the necessary widgets, changing the colors, and so
on.
- Report issues from the Service
Portal
- Version 10.1: Directly report issues from the simplified ServiceNow®Service Portal to save time for users who want to report an issue.
- GDPR DPIA Use Case
Accelerator
-
Version 9.0: Perform preliminary and General Data Protection Regulation (GDPR) data
protection impact assessments (DPIA) to protect the personal data of individuals
within and outside of the EU.
- Virtual Agent support for risk
events
-
Version 9.0: Set up the GRC
ServiceNow®
Virtual Agent application to report risk events from the ServiceNow®
Service Portal. A GRC Virtual Agent chatbot helps customers quickly report a risk event. The
GRCVirtual Agent chatbot also assists
customers by saving their time.
-
Virtual Agent support for policy
exceptions
-
Version 9.0: Set up the GRC
Virtual Agent application to request policy exceptions from the Service Portal. A GRC
Virtual Agent chatbot helps customers quickly request an exception.
The GRC
Virtual Agent chatbot also assists customers by saving their time and
enhancing the customer experience.
- SIG 2019 Support
-
Version 9.0: Download the 2019 version of the SIG Questionnaire from the ServiceNow Store.
- SIG 2020 Support
-
Version 10.0: Download the 2020 version of the SIG Questionnaire from the ServiceNow Store.
Changed in this release
- GRC: SOX reports
-
Version 10.0: Use SOX content in GRC components, such as
entities, control objectives, audit tasks, and so on. The layout and view of
existing SOX reports have been improved. New features and capabilities have been
added to ServiceNow®
Policy and Compliance Management and ServiceNow®
Advanced Risk.
Removed from this release
- In GRC: SIG Questionnaire Integration, SIG 2017 is no longer supported. Upload SIG
versions 2018 or later. If a vendor uploads a version prior to the 2018 SIG, all
responses for matching questions are imported and any responses for questions that do
not match are imported with blank responses for the vendor to answer later.
Activation information
Before you run any of the GRC
applications in your instance, you must download them from the ServiceNow Store.