DATA SHEET

ServiceNow Governance, Risk, and Compliance

The business and IT challenge

Managing risk and compliance with a manual, siloed and reactive work model is no longer effective as the global regulatory environment continues to evolve, forcing changes across your organization. These changes are driven by the need to adopt new business models, establish new partner relationships, deploy new technologies, and address the increasing number of threats and cyber risks. Many enterprises have discovered that without an integrated view of risk it is virtually impossible to quickly assess the impact of these changes on their existing compliance obligations and risk posture.

Respond to business risks in real-time with ServiceNow

ServiceNow Governance, Risk, and Compliance (GRC) helps transform inefficient processes across your extended enterprise into an integrated risk program. Through continuous monitoring and automation, ServiceNow delivers a real-time view of compliance and risk, improves decision making, and increases performance across your organization and with vendors. Only ServiceNow can connect the business, security, and IT with an integrated risk framework that transforms manual, siloed, and inefficient processes into a unified program built on a single platform.

• Risk management - Detect and assess the likelihood as well as business impact of an event based on data aggregated across your extended enterprise, and respond to critical changes in risk posture
• Policy and compliance management - Automate best practice lifecycles, unify compliance processes, and provide assurances around their effectiveness
• Audit management - Scope and prioritize audit engagements using risk data and profile information to eliminate recurring audit findings, enhance audit assurance, and optimize resources around internal audits
• Vendor risk management - Institute a standardized and transparent process to manage the lifecycle for risk assessments, due diligence, and risk response with business partners and vendors

[Figure: Risk, Compliance, Audit, Vendor]

Identify risks in real-time
Configure real-time business and IT service performance data, and identify vendor requirements to enable automated controls testing. Define thresholds as indicators for continuous monitoring of your extended enterprise.

Increase performance
The Now platform CMDB, process designer, service mapping, and consistent and cross-functional workflow automation simplify GRC processes and eliminate errors.

Optimize internal audit productivity
Use of risk data and issues management enables effective audit project scoping, planning, and reporting while optimizing internal audit and compliance resources.

Improve strategic planning and decision making
Fine-grained business impact analysis, task management, and contextual alignment with the CMDB on a single platform provide cross-functional visibility to identify, prioritize, and appropriately respond to risks.

Automate third-party risk
Formalized vendor risk assessment and tiering process, improved visibility, and transparency save time and reduce vendor risk.

Extend your ServiceNow investment
The single platform of engagement offers orchestration, easy integration, and data ingest and publication capabilities.

GRC use cases

Compressing the time to identify, prioritize, and respond to changes in your risk and compliance posture is imperative. To do so you need to continuously monitor data across your extended enterprise to speed detection of emerging risks. Automating the appropriate remediation and risk treatment actions across business and IT processes breaks down the silos and ensures a rapid response.

The Now platform collaboration engine and issues management capabilities work across GRC applications and with the Vendor Portal to create a shared understanding and facilitate timely decisions.

Define a governance framework and test compliance controls

ServiceNow GRC helps manage your governance framework, including policies, laws and regulations, and best practices in one system, and maps them to controls. Once defined, you can automate repetitive processes, even across functional groups.

Through ServiceNow GRC you can identify relevant business, risk and IT owners, and systems, and automate the manual cross-functional processes for policy lifecycle management and compliance testing to identify non-compliant controls, respond to issues, or effectively scope a GRC engagement. The unique capabilities of our platform eliminate errors and inefficiencies associated with emails, phone calls, and in-person meetings.

Additionally, using the built-in GRC Attestation Designer, you can create and execute tests and attestations that are specific to a policy statement. This eliminates errors during evidence data collection and mitigates the need to manually reconcile test results and metrics.

Create a risk register and automate risk assessments

ServiceNow GRC helps identify and manage risks in a single register. Self-assessments can be scheduled to collect information about existing and emerging risks, and the accuracy of controls.

GRC combines asset and process-centric risk methodologies to determine qualitative and quantitative risk scores, which are informed by service performance data with the business impact derived from the configuration management database (CMDB). This allows you to accurately gauge your risk exposure in real time. There is a consistent process for automatically creating and responding to issues, reducing remediation time from weeks to only minutes.

Implement real-time monitoring

ServiceNow GRC identifies non-compliant controls, monitors high-risk areas, and manages the Key Risk Indicator (KRI) and Key Performance Indicator (KPI) library with automated data validation and evidence gathering.

To complement existing GRC capabilities, we provide out-of-the-box integration with Performance Analytics (PA) for GRC, which uses PA indicators and thresholds as another means to detect failing critical controls between assessments.

Interactive real-time dashboards provide overviews of your risk and compliance posture and audit activities. The role-based dashboards in the GRC Workbench allow you to view status updates, priorities, and tasks associated with GRC engagements. Dependency modeling uses CMDB information to show upstream and downstream relationships across entities, so you can visualize the business impact of a control failure throughout the enterprise.

Assess vendor risk

ServiceNow GRC provides the ability to more easily manage and assess vendors, saving time and reducing vendor risk.

Portfolio management capabilities allow you to consolidate vendors into a single vendor catalog. Through the assessment designer and built-in questionnaires, you can more easily monitor vendors and obtain better quality data, to more accurately track changes over time.

The first step in a vendor risk management program is to appropriately tier your vendors. A formal tiering process, including tiering assessments and automatically generated tiering scores, helps you categorize vendors into levels or tiers. Expand the knowledge of the risk posed by your vendors through integration with third-party security score providers, allowing you to adjust vendor tier scores.

Vendor risk is based on risk scores, which are dynamically generated based on vendor questionnaires, updated in real time, and stored in the vendor catalog.

The vendor portal consolidates communication and enables collaboration with your vendor and between your vendor and their response team—replacing email and phone calls. Scheduled assessments and automated notifications and escalations ensure you stay on top of activities.

Learn more at www.servicenow.com/grc

© Copyright 2018 ServiceNow, Inc. All rights reserved. ServiceNow, the ServiceNow logo, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company and product names may be trademarks of the respective companies with which they are associated.
SN-DS-GRC-072018
servicenow.com