ServiceNow Governance, Risk, and Compliance (GRC) enables organizations to track authority documents, policies, policy statements, and risks, and to design and monitor controls. Organizations can schedule and run indicators and/or conduct audits to gather compliance evidence and identify findings that require remediation.
By leveraging ServiceNow GRC, Integrhythm helps clients modernize their compliance efforts through continuous compliance monitoring of basic controls, reducing time and effort spent on audits and internal reviews. We first conduct workshops with GRC teams to identify their current approach and define the organization's overarching, enterprise-level GRC objectives.
The Integrhythm GRC Foundation Service enables clients to start using the ServiceNow platform as delivered out of the box and assists with the initial effort to create a centralized repository for their GRC documents and artefacts. This service allows for configuration of the basic GRC applications (Compliance, Risk, and Audit) in ServiceNow and includes limited configuration, workflows or processes specific to the client environment to enable end-to-end leverage of the platform.
Integrhythm conducts GRC workshops to identify the client's current approach and gather requirements. We demonstrate to the client reports and dashboards, usage of the audit application and risk statements, integration of UCF Authority Documents into ServiceNow, and management of controls including policy statements, and we enable the client to monitor remediation, follow up, and determine the effectiveness of controls.
Based on client objectives, we start ServiceNow configuration with the Policy and Compliance, Audit Management, Risk Management and UCF Imports applications. Based on client requirements identified during the workshops, we develop dashboards and compliance reporting, and map requirements to focus areas including Audit, Controls, Compliance, Risk Management, Business Continuity Plans, and Security Operations. We validate segregation of duties to remediate risk and prevent potential fraud or error.
We assist clients in using the GRC platform by importing client-provided or UCF-provided Authority Documents, Citations and/or Policy Statements such as PCI, HIPAA, and HITRUST. We configure profile types with corresponding profiles, client controls in ServiceNow, and GRC attestations and indicators leveraging data available in the client's instance of the CMDB.
Organizations considering ServiceNow as a potential tool for GRC generally have a few questions about the ways in which the tool can be used. While our clients typically start with compliance management, they like to consider risk management and audit as well.
In this Perspectives paper, we describe how ServiceNow GRC can be leveraged to address these common GRC use cases.
As a ServiceNow Gold Services Partner, we have proven success implementing ServiceNow GRC through our work at multiple large organizations both independently and as the Business Process Consultant and Lead Technical Consultant as part of a ServiceNow QuickStart. Integrhythm partners with clients to develop a multi-phased approach allowing clients the ability to quickly recover value while building experience to further determine business needs.