ServiceNow’s Integrated Risk Management (IRM) Program is made up of five applications that can work together or as a standalone solution depending on the needs and maturity of your organization’s IRM team. One of these applications is Policy & Compliance. This application helps ensure your organization is following the applicable laws, regulations, and ethical standards that your organization must comply with. Being able to effectively manage compliance can prevent the cost of fines and lawsuits. Watch the video for a full demo of the ServiceNow Policy & Compliance application, presented by our IRM expert, Matt Maes.

Key Terms to Know

These terms are referenced in the video and are important to understand, as their definitions may be unique to the ServiceNow platform.

Policies; internal‌ ‌requirements‌ ‌consisting‌ ‌of‌ ‌internal‌ ‌policies, ‌ ‌standards, ‌ ‌and‌ ‌procedures‌

Authority Documents; external‌ ‌regulations, ‌ ‌laws, ‌‌and‌ ‌ethical‌ ‌Standards‌

Citations; the‌ ‌individual‌ ‌requirements‌ ‌that‌ ‌make‌ ‌up‌ ‌those‌ ‌authority‌ ‌documents‌

Control Objectives; control templates that are applied as individual controls

• ServiceNow‌ ‌enables‌ ‌organizations‌ ‌to‌ ‌map‌ ‌their‌ ‌internal‌ ‌policies, ‌ ‌standards‌ , and‌ ‌procedures‌ ‌to‌ external‌ ‌requirements. Control Objectives act as templates, allowing a single control or regulatory requirement to be applied to multiple parts of the business.

Entities;‌ records ‌that‌ ‌aggregate‌ ‌compliance‌ ‌and‌ ‌risk‌ ‌data‌ ‌for‌ ‌any‌ ‌organizational‌ ‌item,‌ ‌such‌ ‌as‌ ‌departments,‌ ‌locations,‌ ‌applications,‌ ‌services,‌ ‌etc.‌ ‌Entities‌ ‌can‌ ‌be‌ ‌related‌ ‌to‌ ‌each‌ ‌other‌ ‌to‌ ‌show‌ ‌how‌ ‌their‌ ‌control‌ ‌and‌ ‌risk‌ ‌posture‌ ‌impacts‌ ‌the‌ ‌organization‌. The‌ ‌controls‌ that ‌are‌ ‌applied‌ ‌to‌ ‌entities‌ ‌are‌ ‌evaluated‌ ‌for‌ ‌compliance‌ ‌through‌ ‌the‌ ‌use‌ ‌of control‌ ‌owner‌ ‌attestations,‌ ‌control‌ ‌compliance‌ ‌indicators,‌ ‌and‌ ‌an audit‌ ‌control‌ ‌test.‌ ‌(audit control tests are implemented through audit management application)

Issues; ‌ServiceNow‌ ‌task-based‌ ‌records that‌ ‌are‌ ‌automatically‌ ‌generated‌ ‌for‌ ‌non-compliant‌ ‌

controls‌ ‌as‌ ‌a‌ ‌result‌ ‌of‌ ‌attestation, ‌indicator, ‌‌and‌ ‌control‌ ‌test‌ failures. ‌ ‌

Learn more about ServiceNow IRM: Register for the IRM Webinar

Need help managing compliance in your organization?

No matter where you are on your maturity journey, Cerna Solutions has you covered when it comes to managing governance, risk, and compliance on the Now Platform. Recognized as a ServiceNow Elite partner, we are 100% US-based ServiceNow experts who specialize in ServiceNow Integrated Risk Management. Our approach to IRM has earned us a repeat customer rate of 90%, and a customer satisfaction score of 4.8/5. Learn more about our Integrated Risk offering or contact us at info@cernasolutions.com for more information.

More Resources

Explore next steps in the maturity journey: Download our IRM maturity Model

Get complimentary expert insights: Complete our IRM Evaluation

Simplify the ways users interact with Risk: Explore our IRM Portal for ServiceNow

Learn more about ServiceNow Integrated Risk Management: View our IRM Webinar