The ServiceNow® Risk Management application within Integrated Risk Management (IRM) provides a centralized process to identify, assess, respond to, and continuously monitor enterprise/IT risks that may negatively impact business operations. The application provides structured workflows to manage risk assessments, risk indicators, and risk issues.
The Risk Management application includes the following features:
- Scoping - entities and entity types
- Risk library - risk frameworks and risk statements
- Risk register - risk creation and management
- Risk assessments
- Risk treatment - accept, mitigate, transfer, and avoid
- Risk monitoring - indicator templates and indicators
- Issue management
- Reports and dashboards
[New]
- Introduced a feature in Entity-Based Access (EBA) that allows lifecycle users to access records. You can now configure any user or user group field on the record to provide additional access beyond what is defined in the EBA configuration.
- Introduced an 'Active flag' in the GRC Choice table; updates to these flags are now reflected in the Risk Management application.
[Fixed]
- Resolved a security vulnerability that allowed unintended edits to read-only fields.
- Fixed an issue where assignees could not edit comments after an action item was rejected and returned to ‘Work in Progress’.
- Replaced hard-coded admin role dependencies with granular roles to improve security and align with least privilege principles.
The following applications are installed automatically when you activate the Risk Management application:
- GRC: Profiles
- GRC: Approver Configurator
Permissions and roles
Role required to install the app: System admin (admin)
When you upgrade the Risk Management application, also upgrade the Risk Management Workspace and any other installed GRC applications to the equivalent release version. For example, version 15.x of Risk Management is certified to work with version 15.x of Risk Management Workspace and version 15.x of other GRC applications.