21.1.4
Zurich Patch 4, Zurich, Yokohama Patch 9, Yokohama Patch 6, Yokohama Patch 5, Yokohama Patch 4, Yokohama Patch 2, Yokohama, Xanadu Patch 9, Xanadu Patch 8, Xanadu Patch 4, Xanadu, Washington DC Patch 5, Washington DC Patch 3, Vancouver Patch 9
The ServiceNow® Privacy Management application helps customers manage their enterprise-wide privacy programs by staying informed about privacy risks and regulations. The solution also enables customers to unify and scale enterprise-wide data privacy governance on a single platform, embed privacy risks into the front line, and adopt a privacy-by-design culture.
The Privacy Management application provides privacy screening assessments and privacy impact assessments to discover where personal information (PI) is stored, who owns it, and how it is being used.
It also offers the following capabilities:
- Apply controls automatically based on assessment responses.
- Monitor using an automated continuous control monitoring framework.
- Maintain a record of all the processing activities.
- Automatically identify and report issues.
- Discover business processes, applications, services, and vendors that process personal data, with support for both manual and automated data discovery.
- Maintain a record of processing activities.
- Conduct privacy impact assessments (PIAs) for existing and new processes, applications, and services, including Portal capabilities for PIA responses.
- Proactively request PIAs for new implementations, applications, and processes directly from the Employee Center, supporting privacy-by-design concepts.
- Send multiple types of PIAs to various key stakeholders for a single processing activity.
- Automatically map controls, risks, and information objects (such as email, phone, and SSN) based on PIA responses.
- Empower business users to update processing activity details.
- Assess privacy risk posture using advanced risk assessments and reports, incorporating both manual and automated factors.
- Obtain control and risk suggestions based on personal information mapped to processing activities.
- View privacy compliance posture reports based on control attestations.
- Use the Privacy Management Workspace for enhanced reporting on processing activities and control objectives.
- View reports and gain a 360-degree view of information objects, highlighting related processing activities, applied regulations, policies, and risks for each personal data record.
- Monitor and track privacy regulatory changes by integrating with Regulatory Change Management. This integration requires the IRM Professional or the IRM Enterprise license.
- New
  - Entity-based access control
    - This feature facilitates object access through entities.
    - Maps entities to specific users or user groups, enabling granular access control.
    - Administrators can grant access to an entity’s related records by adding users, user groups, entity user fields, or entity user group fields, which minimizes the risk of unnecessary data exposure.
    - Configure any user or user group field on a record to provide additional access beyond what is defined in the EBA configuration.
- Changed
  - Introduced an 'Active flag' in the GRC Choice table. Any updates to these flags are now reflected in the Privacy Management application.
  - Implemented the impact of the citation-to-control mapping feature across the dashboard and overview pages.
- Fixed
  - Resolved a security vulnerability that allowed unintended edits to read-only fields.
  - Replaced hard-coded admin role dependencies with granular roles. This improves security and aligns with least privilege principles.
The following GRC applications must be installed and activated:
- GRC: Policy and Compliance Management (com.sn_compliance)
- GRC: Compliance Assessment (com.sn_comp_asmt)
- GRC: Common Workspace Elements (com.sn_grc_workspace)
- GRC: Advanced Risk (com.sn_risk_advanced)
Permissions and roles:
- Role required to install the application: System Administrator (admin)