The ServiceNow Compliance Case Management application enables customers to manage their compliance cases, such as policy and regulatory violations and complaints. It enables collaboration with key stakeholders to perform assessments, investigation tasks, and other actions to effectively manage compliance cases. Additionally, it supports analyzing causes and consequences as part of the post-case review process.
Compliance Requests:
Compliance request configurations: Configurations consist of two active compliance request types, each with dedicated workflows to manage compliance-specific inquiries and approvals related to policy improvements.
Each request type can be configured with the following elements:
- Workflow
- Form view (show or hide fields based on request type)
- Assignment rules (to assign an analyst to a compliance request)
- Approval workflow
  - Any approvers
  - All approvers
  - Specific percentage of users to approve
Employees can raise a compliance request and contact the compliance team through the Employee Center. The compliance team analyzes the request, identifies related policies and controls, and obtains additional approvals, if necessary.
Compliance Case:
Employees can report events or policy violations and contact the compliance team through the Employee Center.
APIs are available to create and update compliance cases from various sources, such as ServiceNow Apps (Security Incident Response, IT Incidents, HR Cases) and third-party integrations.
The compliance team analyzes the case, conducts investigations, and collaborates with various teams by creating and assigning case tasks.
Compliance case configurations: The configurations consist of two active compliance case types, each with dedicated workflows to manage policy and regulatory violation use cases.
Each case type can be configured with the following elements:
- Workflow
- Form view (show or hide fields based on case types)
- Assignment rules (to assign an analyst to a compliance case)
- Assessment templates
- New
  - Ability to create and map action tasks to the compliance request workflow.
  - Ability to create a dynamic state model for action tasks in compliance requests.
  - Creation of a compliance case from inbound email.
  - Ability to configure impacted and related areas on compliance case types.
- Changed
  - Introduced an 'Active' flag in the GRC Choice table. Updates to these flags are now reflected in the AI risk and compliance management application.
  - Implemented the impacts of Citation-to-Control mapping across the dashboards and overview pages.
- Fixed
  - Resolved a security vulnerability that allowed unintended edits to read-only fields.
  - Replaced hard-coded admin role dependencies with granular roles to improve security and align with least privilege principles.
The following GRC applications must be installed and activated:
- GRC: Policy and Compliance Management (com.sn_compliance)
- GRC: Compliance Management Workspace (com.sn_compliance_ws)
- GRC: Common Workspace Elements (com.sn_grc_workspace)
Permissions and roles:
- Role required to install the app: System Administrator (admin)