ServiceNow’s Integrated Risk Management (IRM) Program is made up of five applications that can work together or as a standalone solution depending on the needs and maturity of your organization’s IRM team. One of these applications is Policy & Compliance. This application helps ensure your organization is following the applicable laws, regulations, and ethical standards that your organization must comply with. Being able to effectively manage compliance can prevent the cost of fines and lawsuits. Watch the video for a full demo of the ServiceNow Policy & Compliance application, presented by our IRM expert, Matt Maes.

Key Terms to Know

These terms are referenced in the video and are important to understand, as their definitions may be unique to the ServiceNow platform.

Policies; internal‌ ‌requirements‌ ‌consisting‌ ‌of‌ ‌internal‌ ‌policies, ‌ ‌standards, ‌ ‌and‌ ‌procedures‌

Authority Documents; external‌ ‌regulations, ‌ ‌laws, ‌‌and‌ ‌ethical‌ ‌Standards‌

Citations; the‌ ‌individual‌ ‌requirements‌ ‌that‌ ‌make‌ ‌up‌ ‌those‌ ‌authority‌ ‌documents‌

Control Objectives; control templates that are applied as individual controls

• ServiceNow‌ ‌enables‌ ‌organizations‌ ‌to‌ ‌map‌ ‌their‌ ‌internal‌ ‌policies, ‌ ‌standards‌ , and‌ ‌procedures‌ ‌to‌ external‌ ‌requirements. Control Objectives act as templates, allowing a single control or regulatory requirement to be applied to multiple parts of the business.

Entities;‌ records ‌that‌ ‌aggregate‌ ‌compliance‌ ‌and‌ ‌risk‌ ‌data‌ ‌for‌ ‌any‌ ‌organizational‌ ‌item,‌ ‌such‌ ‌as‌ ‌departments,‌ ‌locations,‌ ‌applications,‌ ‌services,‌ ‌etc.‌ ‌Entities‌ ‌can‌ ‌be‌ ‌related‌ ‌to‌ ‌each‌ ‌other‌ ‌to‌ ‌show‌ ‌how‌ ‌their‌ ‌control‌ ‌and‌ ‌risk‌ ‌posture‌ ‌impacts‌ ‌the‌ ‌organization‌. The‌ ‌controls‌ that ‌are‌ ‌applied‌ ‌to‌ ‌entities‌ ‌are‌ ‌evaluated‌ ‌for‌ ‌compliance‌ ‌through‌ ‌the‌ ‌use‌ ‌of control‌ ‌owner‌ ‌attestations,‌ ‌control‌ ‌compliance‌ ‌indicators,‌ ‌and‌ ‌an audit‌ ‌control‌ ‌test.‌ ‌(audit control tests are implemented through audit management application)

Issues; ‌ServiceNow‌ ‌task-based‌ ‌records that‌ ‌are‌ ‌automatically‌ ‌generated‌ ‌for‌ ‌non-compliant‌ ‌

controls‌ ‌as‌ ‌a‌ ‌result‌ ‌of‌ ‌attestation, ‌indicator, ‌‌and‌ ‌control‌ ‌test‌ failures. ‌ ‌

Learn more about ServiceNow IRM: Register for the IRM Webinar

Need help managing compliance in your organization?

No matter where you are on your maturity journey, Cerna Solutions has you covered when it comes to managing governance, risk, and compliance on the Now Platform. Recognized as a ServiceNow Elite partner, we are 100% US-based ServiceNow experts who specialize in ServiceNow Integrated Risk Management. Our approach to IRM has earned us a repeat customer rate of 90%, and a customer satisfaction score of 4.8/5. Learn more about our Integrated Risk offering or contact us at info@cernasolutions.com for more information.

Looking to elevate your IRM maturity? We are offering a limited number of complimentary assessments to respondents of our IRM Questionnaire. Complete the questionnaire to get a better understanding of current gaps and next steps for your governance, risk, compliance, and audit programs.