GRC Attestation

ruzbehv
Mega Guru

OOB we are seeing the attestations being sent per control per ‘Assigned To’ user. This behavior is causing a lot of overhead for our end users.

For example, if we have 20 Policy Statements with 10 Profiles this will generate 200 controls. Each of these controls will need to be attested. If we have 10 profile owners, they will be required to individually go and click “View Attestation” 20 times.

We need attestations grouped per profile rather than per control. This will save the ‘Assigned To’ user the time of having to click through multiple attestations.

Does anyone have any suggestions?

1 ACCEPTED SOLUTION

G Balaji
Kilo Guru

You could consider the following design:

The attestation questionnaire is basically metrics. You could put all the attestation questions in one attestation type, where respondents will complete the attestation on one form. Further, you'll have to write script includes or business rules which will map these answers to the attestation types of the other controls, moving the respective controls to the review state with compliant status based on the answer to their respective questions.

Hope this helps.


12 REPLIES

Anushree Randad
ServiceNow Employee

Hi Ruzbehv,

Thanks for your feedback. We recognize this problem and have planned to solve this problem by providing a simple way to respond to these attestations more efficiently. It is on our roadmap.

I would like to understand this use case in more detail. Are you looking to have 1 common attestation for all the different controls under a profile, or are you looking for different control attestations, just grouped by 'profile', so that you can see all of them in 1 place and respond to them in an efficient way?

Let us know your thoughts or ideas regarding this that will help us enhance this feature.

Thanks,

Anushree, GRC Product Manager

Do you need an attestation per control or could you create a number of questions to be answered in a single attestation?

Hi Anushree,

We are looking to see them all in 1 place so that it's more efficient for our end users. It would help to have a choice of grouping attestations (i.e. Profile, Assigned To) and presenting it in a singular customer friendly form view.

Regards,

RV

jingpingge1
Tera Contributor

Hi Ruzbehv,

This could also be addressed by adjusting/configuring GRC according to your IT environment. For example, if the Policy Statement is "User must use a complex password", one can apply this control to all users (control owners; each user has the final control of setting the password the way they want), in which case all of them need to attest, or apply it to the Directory owner (implement the control at the directory level, not accepting any password setting that does not meet the standard), in which case the directory owner just needs to attest one time. I would recommend working with the control owners to configure the GRC control allocations based on whether they truly have the final say over a given control.