NJP

12/10 Ask the Experts: Discover the new Operational Resilience Accelerator

Import · Dec 10, 2020 · video

All right, that sounds fabulous. Can you see, uh, see my screen okay? Answer your screen. Awesome.

Well, my name is Theresa Law. I'm the director of product marketing for risk here at ServiceNow, and I am very excited to be here with Ashwin, our product manager for our new operational resilience management application, and we are hoping to be joined by Manoj, who is actually the CRO over at Risk Spotlight, to tell us a little bit about their library app that's on the store.

The reason that we're doing this, that we're all here, is because we have some new IRM applications that are now available on the ServiceNow store. Specifically, we have a whole series of webinars that we have been going through and doing for you all: live demos, lots of great questions, lots of details. We started in October with business continuity management, and then we did our new continuous authorization and monitoring application, which is focused on NIST RMF. Then in November we went ahead and we did our advanced risk assessments, and we did our policy and compliance application and our new enhancements for that, and lots of great enhancements for vendor risk management. And now in December we did our, another new application, which is our regulatory change management application, and today we're going to be looking at operational resilience. Following that, so don't go away, we're going to have a great demo on our new risk, the new application on the store, Risk Spotlight Op Risk Library.

So all in all we have seven webinars that we've been doing. All of this is on the Ask the Expert channel. I encourage everyone to go out there, take a look. You can ask questions also that on the community link, ask questions there; we're happy to engage with you. And the one thing we want to make sure of in this, in this webinar that we've got here for the next 50 minutes, is that you all ask questions, so let's make this engaging. And without further ado, I'm going to turn it over to Ashwin, who is going to then start taking us through the new operational
resilience management application. So Ashwin, go ahead and take it away.

Thank you, Theresa. Your screen, it looks great. Hello everybody, um, thanks for joining today's session on operational lecture dates resilience. Uh, I'll take you, um, by the operational resilience overview of ServiceNow's latest offering, and then Manoj will help us understand the Risk Spotlight offering on the ServiceNow store as well. So, um, just give me a second.

All right, so operational resilience is one of the applications that we have released recently, last month, in the store. It's generally available for all our customers; you should be able to download and you start using that. As part of today's agenda, first we are going to look at what operational resilience is, how ServiceNow envisions the solution, and then we can look at the demo of the operational resilience application. If there are any questions, please put it on the chat and we will take it as we move on.

So operational resilience is the ability for any organization to recover from an adverse event, right? Disruptions are inevitable, but, um, if there are these disruptions that are happening, operational resilience defines how fast and easily that you can get back to business as usual and keep moving forward. This is how we at ServiceNow are looking at operational resilience. We define and envision operational resilience as the ability of an organization to continue to serve its customers, deliver the critical products and services to the end customers, and ensure the health and safety and productivity of their workforce during any of these adverse events. And how they do it is by anticipating these events, preventing these events, recovering from these events in case they happen, and then adapting from all of these exercises that we have been doing across the different phases.

So as I said, um, as, as a firm you are concerned about the products and services, the delivery of them continuously, even during a situation like the ongoing pandemic. It could be a fire
outbreak, it could be earthquake, any of these disruptions, right? You want to ensure your customers are satisfied, they are getting served, and you want to ensure your workforce is safe and they are productive.

The way we are tracking this is by five pillars. The people who support the delivery of these services. The technology that comes together to delivery of the services; with all the digitalization of the businesses going around the world, it becomes really important that we emphasize on technology resilience as well. Then comes the facilities: as we reopen, for example, after the pandemic for regular operations, the facility managers have to ensure compliance to local regulations, ensure there are enough of safety measures implemented in the facilities, and there is enough of resilience planned around the facilities itself and the equipments to ensure the delivery of critical services to the end consumers. Same thing with the globalization that's going on: businesses are dependent on each other more deeper and deeper, so the suppliers or the vendors that we depend on also have to be resilient. We have to be insulating our business for any supplier outage; because of a supplier outage we should not be impacted, and it should not block our delivery of critical services to our end users or the consumers. And finally the processes: these are the processes that interlink the different pillars and get them together in order to deliver these critical products and services to our customers.

As I said, this is done by four different phases. Let's look at what those are in a bit more detail. So operational resilience is not a siloed function, or it's not a separate department in an organization or a bank, right? It has to be embedded in the day-to-day workflows or activities in the bank. Every department and every function has to take this into their culture and implement them. It can be your IT workflows, it can be employee workflows, customer workflows, those are built on top of ServiceNow's platform, or
it could be any custom workflows that are enabling you to get your day-to-day activities completed. So operational resilience resides in all of these different things. It's not siloed; it's all coming together in order to support the delivery of the important or critical services to your end consumers.

So we talked about four phases. This is how we have split the different aspects or activities of operational resilience. The first one is anticipate, where you would be able to inventory all your critical services. For example, there could be multiple services a bank is providing, right? Let's say mortgages is one of the services that the bank is providing. If you ask the customers, is it very critical for you? Probably not as much, because if you can't get that service from one of the banks, maybe you will go to another bank and get the same service from the different bank. But let's say, for example, you are in the line of a grocery store, you are going to pay the bill, and when you reach the counter your debit card doesn't work, and that's the only one that you have, because of certain IT outages of that bank, right? So that becomes a critical service, that is, payment services and transactions that the customers can do. So you can inventory all of these services in the CMDB, the service catalog of ServiceNow, and then classify them as which ones are critical based on the impact of the customers, the impact to the organization or the bank itself, and then the impact to the market integrity and economy, right? So you'd be able to do that.

Once you have done the inventory of these services, the next thing is to map the dependencies. This is called the service mapping in some of the guidelines and white papers that have been published by the regulators, right? So you'd be able to, um, inventory the different products that you're delivering the customers, the services, etc., and then map them to the internal processes, people, departments, functions, uh, the vendors and suppliers and facilities and so on. We will see
that in the demo. The next is to analyze the risks around these supporting elements, right? So it can be people-related risk, it can be technology-related risk, or any of them. Understand the risk that is around them using our advanced risk assessment capability; this is part of our operational risk management capability. We will see that as well. The next thing is you can identify the recovery objectives for these different things, right? In case they go down, how far should we recover them? That's part of your anticipate phase.

The next one is the prevent phase. Based on the risk assessments that you have done, you can establish and implement the controls to mitigate those risks, and similarly you would be able to come up with business continuity strategies, implement the strategies and document them as plans, and test them as well, and keep monitoring the performance of these plans.

Then comes the respond and recover phase. In this case we are assuming that the event has happened. Um, of course, as the white papers and guidelines say, these disruptions are inevitable, they will happen at some point in time, and operational resilience is about how well are you prepared to tackle those. So using our incident response product and the business continuity product, we have the crisis management capability and emergency communications that can be used to respond quickly and recover from these adverse events that may hit you.

Finally, the adapt part. There are capabilities for you to perform root cause analysis, um, analyze the whole thing, the trends, understand their learnings, and then make it into the operational resilience as a whole. You can even strengthen the controls, implement new controls, and so on, so forth. So these are tracking the learnings from all of the different aspects so far, and keep on continuously improving the operational resilience program.

Let's, uh, look at this one slide and then we will move into the demo directly. So this is the structure; this is exactly the data model as well that we
have built in the product. So, uh, you'll be able to see that there are, these are the outcomes that we call; those are the critical services and products that the bank or the firm wants to deliver to the end consumers. You can have an inventory of these, you can tier them into critical, high, medium, low, and, and different scales of that kind, so that you have an idea of which ones are really critical for the firm based on different factors. We will see that. And then you can link them to the internal activities and processes that are followed in order to deliver these critical services. In this case I'm talking about a payment service, which is kind of a critical service for our end consumers. But in order to execute these activities and carry out these business processes, we are dependent on certain elements, and we call them the pillars. So there is a technology pillar, there's a people pillar, there's facilities and suppliers.

In the conventional business continuity management these were looked upon as silos, and they had their own business continuity plans, and one of the key differentiators in operational resilience is to look at this from a top-down, a holistic view. We want to exercise these plans together, do the risk assessments, and bring everything together.

So the first thing is technology pillar. The user persona that you are looking at here is the CIO, the chief information officer, or the chief information security officer. When it comes to operational resilience, their team's goal is to ensure the technology that is needed to carry out these business processes. Let's say, for example, an application, a web application that's needed in order to key in critical data of the customer who wants the payment service and store it in the DB, right? So that has to be available at all the point in time, um, and it has to be secured as well; the data that's stored in it cannot be compromised. Then comes the people pillar. Of course this is being headed by the HR officer of the chief or the chief HR
officer and their team. The goal is to ensure the well-being of people, health and safety, and the productivity of different people. Like in this current situation, everybody is in isolation, everybody's working from their home offices; what are the things that they need to be productive? All of these has to be taken care of. Then comes the facilities. The facility managers have to ensure safety and equipments that are available in each facility, they comply with the local regulations in order to open the businesses in phases. And then comes the suppliers. Of course this is your procurement team and vendor management team, who want to insulate the operations, day-to-day operations, from supplier outages. That's their goal when it comes to this.

So how do we do this? Um, we have to inventory all of these data. First of all, the technology team is going to inventory all the assets in our CMDB. We have an auto-discovery capability; you can go through your IT infrastructure, understand what are the different servers, what are the different databases, the complete IT infrastructure that's needed for an application to work successfully. That can be documented and inventoried here, and that is related to the business process, how they support them. The next is the employee data. We capture the employee data and what locations they are working out of, what, which are their physical addresses, and so on, so forth. Um, the facilities, of course: where these facilities are, where our operations getting carried out from, what are the equipments in each one of these facilities, and then you can track that there. Then comes the suppliers, which are the vendor details: what are the services we get from them, what are their performance currently.

Once we have this inventory done and the mappings done, the next thing is you can set tolerances for the services based on different factors. There are three parameters that you can set this on: one is the timeline, one is the volume, and the third one is the data integrity. So based on that
you would be able to do scenario analysis; we will see that, what that is, in a couple of minutes. And then you can identify the risks around each of this pillar, right? There could be technology risks, people-related risks, facility-related risks, and suppliers, and so on, so forth.

Once the anticipate phase is done, the next one is the prevent phase, where based on the risk assessments you have done for each pillar you can implement the controls correspondingly, right? It could be data encryption, it could be ensuring certain policies are in place for people-related risk, facility-related risks, and suppliers, etc. So you want to avoid concentration of suppliers in one particular geography, and so and so forth. You can also look at implementing the business continuity strategies and testing those plans as part of the prevent phase. Then comes the recover, where you are looking at the ongoing incidents, recovering from them, looking at the outages, recovering from them. You can start, activate business continuity plans, send out emergency communications, and come out of that situation. And finally adapt; we discussed this. You can do root cause analysis and make recommendations on how to strengthen the operational resilience program.

All right, so this was a brief overview of the, uh, application itself. Now I would like to walk you guys by the demo. Um, all right, so I've logged into the application as an administrator, just to avoid logging out and in frequently, so this person has access to almost all the capabilities of the tool. What you're looking at here is the business owner's view or the chief operating officer's view, right? This could be a general manager who's heading a business unit, or a chief operating officer heading the entire organization. As soon as I log in, I'll be able to see me and my team are delivering 12 critical services to our end consumers, right? Out of these 12 critical services that we deliver today, there is one that is under outage, that's completely under outage. I can drill deeper into
any of these numbers that you see here from our dashboards and look at who's working on this outage, um, and follow up as needed, right? The next one is, this is a currently degraded service. This is not completely out, but it is not performing, uh, the hundred percent that it usually should have been. So right at the top you would see that these are the ongoing stuff; these are the current issues that needs my attention, right? That's the first thing that we start with. Again, this comes from our CMDB, that is our service catalog: the outages and the degradations that are happening right now. These are open stuff.

The next is the potential candidates that can become an outage soon if not, uh, if attention is not provided towards them. So we are looking at the services with high risks next, right? These are the number of services that have risks identified at one of the supporting pillars. For example, in this case there's a people pillar; there are five high risks or high residual risks that are there, that are identified, assessed, and reported into the system, that is, in our advanced risk management system. So we have taken a risk-driven approach for operational resilience here. It's not just a check-box exercise like a compliance solution, where you just say, yeah, these are the things that are there. So if you already have an operational risk management practice, there are risk assessments being done by the operational risk management managers, we just directly pull in that information real time for this, uh, dashboarding. Only thing is we categorize them into different pillars; that happens in operational resilience, uh, product, and it is presented in terms of how it bubbles up to the service level at the top level, right? So you can see there are five risks here. It could be people not taking, um, the security training, right? Uh, that could be a people risk that's there. There's not enough of social distancing being maintained. Um, there could be some outages that are expected in a facility; that's the facility
related risk. There could be vendor-related risks, like a concentration risk. There could be technology risk, like loss of confidential data, and so and so forth.

So these are the different pillars that we ship with. This is by default: when you turn on the product, then you would get these four pillars, which is in line with the, um, the white paper and guidelines provided by the, um, Bank of England, FCA and PRA, right? But this can also be configured to extension, right? What I mean by that is, if you would like to, for example, split this technology pillar into more details, right, you want to see the IT infrastructure related stuff separately and data related stuff separately, or vital records related stuff separately, you can very well go ahead and configure that. We will look at how to configure this at the end. What would typically happen is one more bar will show up within this chart. In that ways we have made it really flexible for you to go and define these different pillars, and the reporting and dashboards will draw, redraw itself to support your needs.

So that was coming from our advanced risk assessment capability. The next one is from our policy and compliance capability. This is the control test and the compliance percentages. So there are certain services which have been supported by different elements, people, facility, suppliers, and technology, but the controls related to them are failing currently. How many of them are there which are failing? This also means there are vulnerabilities in these areas. Failing controls are nothing but weaknesses in the system, and thus this is also a potential candidate, and it can move from failed controls to an actual outage soon if not, if we don't take actions as soon as possible, right? So that's the reason this is also out here. Um, it could be, for example, data encryption is not done on some of our databases which have really critical personally identifiable information, let's say, right? And the service is dependent on that, and if there are, uh, problems
because of this, then that particular service, or a couple of services that are using the same database, will move into an outage. So we want to avoid that, and for that reason you need to get an insight of this, and you can click into it at any point. I will just use this, um, for a minute. Let us just see: this is the underlying data that comes from our control tests, right? You would be able to see digital banking as one of the services out of that four that we saw, and there are some of these controls that are non-compliant, right? We roll it up; the, the way we roll it up is we look at the controls which are non-compliant, we roll it up to what are the servers that they are related to, and what is this item part of, which pillar. In this case we defined it as a technology pillar, right? So that's why you're seeing this. And this technology, uh, item is, comes together to support a particular process or an internal activity of the bank, and that activity helps in delivering and final service to the end consumer, and that's how we have bubbled it up all the way. And that's why you would see the, the dashboards in terms of number of services that have failed controls, and number of services that have failed controls across each pillar.

Now, uh, if you think, uh, if you're thinking why is this number not matching, uh, these, it's because one service can be part of multiple of these pillars. The same service can have control failures around any of these; we just roll it up as a distinct or unique values of services up here as a summary.

Now, there are 50 critical elements that comes together to support these 12 services, and this data comes from our business continuity management application. Some of these supporting elements don't have a continuity plan or a disaster recovery plan when it comes to technology assets, meaning I don't have a document that my team can follow to recover these elements in case that go down, they go down. And the problem here is these elements are critical and they come together to
support one or more of these critical services, so that means that it's going to be a business impact, so that becomes critical. The user can click on any of this, see who owns this facility, follow up that, follow up with that facility manager to come up with the business continuity strategy, implement it, and document.

Then comes the impact threshold breaches. This is purely driven within operational resilience management. Based on the impact thresholds that you have established for your services, you can keep injecting multiple scenarios and see at what point in time we breach the set impact thresholds, and accordingly you can report or recommend actions via issue management capability. So there are issues that have been reported which were called out as P1 issues, and it had a date around that by when it should be resolved, but currently it is overdue, right? So we want to ensure those issues are taken to a closure. So you can drill deeper into the details, follow up, and get that done as well. So these are the potential candidates that can move to an actual outage. This was the second half of the dashboard.

Now, uh, the last part of this first dashboard is the place where we do the recommendations, right? The application recommends, based on the, uh, risk assessments that are going on and the control failures that have happened, which ones are, where do you want to start fixing things from, right? So for example, there is a control here that says return to work policy. Return to work policy is being documented, uh, it's been there, but it's not working as expected, it's not operational as expected, right? So that, for that reason, that control is failing, or the controls related to that policies are failing. Uh, and then let's say this is impacting five different facilities, right? Let's say all of them are in the U.S., for example. Now if I fix this one particular control, because they are related to five facilities and the operations in these five facilities cater to five different services, right, so this is
impacting five different services. The top-level thing is the service again, uh, from where we want to look at a top-down approach. So if I fix these things, this one control, then I would be able to save these five different services. That's the maximum number of, uh, the maximum benefit that I can get, kind of a bang for the buck, right? So that's the, that's this chart. Very similar to this, the risks as well. If you look at one of the risks, let's say for example loss of data integrity or a loss of confidential data, let's say this particular risk is impacting these many assets, and because those many assets are used by, let's say, four services, this is like one of the things that I might probably want to start looking at and fixing. Ideally this will, this will be sorted with the highest number of impacted services at the top and gradually decreases. That is the first chart that you can look at. This is an overall view around the whole organization or a particular business unit; according to whoever logs in, the dashboards are tailored for their view.

All right, now the next one is the service details. This is pretty much the same, um, data, but a double-click view of it, right? I can go ahead and select one particular service or multiple of them, and I can say I want to see all of those which are related to, uh, one service which is being served by, uh, these many internal activities of processes, and then what are the data around it. So this is slicing and dicing of the underlying data. The operational resilience managers, for example, can go ahead and look at each service, get more details around them, and then start taking actions around those. So this is one of the dashboards as well.

Now, we looked at the business dashboards, right? So these were for the business unit heads and general managers, etc. The next one is the chief information officer or the chief information security officer and their team. So since we are looking at one particular pillar, we have gone deeper into it. You will start seeing, uh,
I've logged in, let's say I have logged in as a chief information officer. I can see there are 16 critical assets, or 16 assets me and my team are maintaining, which are supporting four business services, right? So these are the critical things that we are maintaining today, and because of this we are supporting these four services. And out of this 16, if there are any open major incidents, this comes from our incident management system. These are all live data that are sourced from these different applications. The advantage of being on a single platform like ServiceNow, right: you can pull this information directly from there. You don't have to, for example, ask someone, like a survey, do you have any open incidents, right? Typically, uh, the capabilities out there today don't do that. They just send out a questionnaire to people asking, do you have open incidents, do you have high risk, do you have controls failures, etc., etc. But that is not real time. Probably that would let you do your analysis once in a quarter maybe, but for all that you know, within the next quarter you would have multiple outages and you're already in a bad situation. So this dash, but these dashboards enable you to track this directly from the source of these, uh, different, um, areas, right? So you would be able to get a real-time view. All that you need to do is, if these programs are already running in your organization, this will come up automatically here.

Same, same thing if you have the business continuity management capability: you can see how many of them don't have plans; even if they have plans, how many of them have failed the latest exercise, meaning it's as good as not having the plan. You want to follow up and get them updated. You can see how many assets are under risk; these are the technology risks, how many are high, medium, and low. The controls, of course: how many are compliant, how many are not, how many are yet to be tested. And similarly the open issues, right, how many are critical, high, medium, low, according to the priority.
Uh, these are the problem areas, or the areas which need your attention. We are, we have, we have designed these dashboards in a similar pattern that you have seen in the first place, right? So some of them are ongoing stuff, and then these are the things that need your attention, and this is the recommendation, right? So you can see multi-factor authentication as a control: if I fix this, these many impacted assets can be safeguarded. And so this are, these are rolling up into the services. So we are not going to show the data around the entire universe of our CMDB. There can be thousands or tens of thousands of IT assets in the system, but we are picking up only those that are directly linked to the services through processes, and we bubble up only the risks, controls, and the other details around them, so we can cut down on the noise and then you can focus on what is really important from an operational resilience point of view. Same thing with risks, the issues, and then if we have our vulnerability response capability, you would get the data as well populated from the vulnerabilities that are there and identified, that are identified in that component.

Next comes facilities. Uh, very similar view to CIOs, but this is being catered to the facility managers. Same pattern: these are the current outages, you can see what things, uh, need your attention, but these are filtered by the pillar. These are facility-related risks, facility-related controls and issues, and then the recommendations to fix stuff. You can see the people dashboard; this is for the HR officer and their team. Uh, these are very specific to organizations and functions in your organization, right, in your, in your firm. Basically these are people-related risk, controls, and issues. And finally the suppliers. So these are the vendor-related, uh, information. There are 23 vendors that we are engaging with currently, they support these many, and then what are the risks, controls, and issues around them.

So this was a very quick overview of the operational
resilience capability that we just released recently. Um, and then let me just walk you by very quickly how to get this configured, how easy it is to configure these. So basically you can see there are some pillars that we defined, right? For example, I have not used this, but you can add one more. For example, here I can just go in, I can say this is a new pillar that I want to track in my dashboards; this is called data, or let's say for example vital records, right? And I can save this. Once I have decided what are the things that I need to track, I can go back to what we call as entity types and then relate what should be part of that vital records. For example, I can create a new one, but I'm not going to do that; we'll just look at an existing stuff and see what goes in to get that done. So I can create, what means, what are the things that needs to be considered as suppliers. I can go and add a filter saying it has to be picked up from a particular table, these are the filtering conditions, and if all of this matches, they qualify to be a supplier, and the risks around them, controls around them, uh, business continuity plans around them, and so and so forth, will be picked up, and you will start seeing the new pillar that you want to create, uh, with all the details getting populated in the dashboards here, right? Uh, so it's as easy as that. You can do that, and if you have these operations or programs already running, one is your risk management, one is your compliance management, the other is business continuity, and the rest of the issue management, vulnerability response, incidents, and outages, if these are getting tracked in different applications, we pull them in real time and this dashboards are drawn and you can start tracking those.

So that was a quick overview, and with that I will hand it over to Manoj to take us through the Risk Spotlight capabilities.

Excellent, thank you, Ashwin. As we're getting Manoj set up here, I just wanted to reiterate that Manoj is the CRO for Risk Spotlight. Risk Spotlight
is a new application that we have on the servicenow store um stay tuned at the very end we'll give you some links to be able to get out there and and see the information but we're very excited to have risk spotlight here and we're really interested in seeing what they've got there that actually pertains quite closely to ashwin and what you've been talking about around operational risks thank you yeah can you start sharing your screen uh yes i am getting a message you cannot start while other participant is sharing okay i'll just close this okay perfect okay excellent thank you thank you very much uh for that introduction theresa so uh and and thank you for that uh overview uh ashwin of the operational resilience solution so uh i'm going to talk about a new app which we have made available on the servicenow store uh which is called the risk spotlight op risk library app as we've been talking about operational resilience uh in order to achieve operational resilience we need to work on making sure our risk management is effective which is what ashwin was referring to that operational resilience is not something you do but it's an outcome of effective risk management but to for a risk management to be effective what you need is you need some high quality content around your risks and controls and KRIs and particularly where that content is aligned with industry best practices and that's what the new application provides from risk spotlight uh where that's what the application is trying to address where we're trying to provide high quality operational risk content to service now grc customers which is aligned with industry best practices that's what the page looks like on the servicenow store and what once you have the once you download the app what you will get is you will get access to 126 operational risks that are relevant for any financial services organization anywhere in the world so it's not specific to it's not like a regulatory content which is specific to a 
particular geography but we're focusing more on the risk management content which stays consistent across multiple geographies so based on our research we identified 126 operational risks which need to be managed by your financial services organization and for each of the 126 risks we then went and researched and documented the causes the controls you need the key risk indicators and then the financial reputational and business impacts for each of those 126 risks and the way you can use the content is that if you are in the process of creating a library of operational risks or controls or KRIs in your organization then that's where the app can allow you to fast track that process so instead of you're doing that in six months you you may be able to do that in one or two months so so the app can allow you to fast track so you you quickly get access to that content so you can start applying that content uh in your day-to-day risk management uh and and the content because it's aligned with best practices it also then gives you that extra assurance that if you if you utilize the content uh it the risk management framework you implement is also then aligned with industry best practices and if you already have a library in place then organizations also use a library to see if there are any gaps around certain type of controls or certain type of key risk indicators so that's also another usage of how you can utilize the app in terms of the risk categories so here are the different risk categories which are covered across those 126 risks and then i've highlighted the ones uh where the categories are relevant for operational resilience uh with this flag called or so so one of the risk categories we provide is business process execution failure so of course that's a very key part of operational resilience then we have the next risk category is damage to tangible intangible assets uh so that's where if the risks associated with terrorist attack natural disaster those sort of 
risks are included in this category of course then it's relevant for operational resilience then you have employment practices and workplace safety so that's where things like covid-19 pandemic any employee health and safety related incidents and risks would be covered in that particular category so again from a covid perspective you're very relevant uh then you have external theft and fraud so this is where things like data breach uh would be covered where external parties uh steal data from an organization so uh also very important part of operational resilience internal theft and fraud so if that data breach you know was caused by uh internal employees then then that's an example of the risk which would be covered in the internal theft and fraud category the next one is improper business practices so this is where yeah the sales people intentionally mis-sell products and services uh to the customers so that normally gets categorized into conduct risk part of risk management uh so the risks in that category i may not be that relevant from an operational resilience perspective then we have the regulatory and compliance so that's where we have all the risks associated with their submitting reports to your regulator so risks wouldn't risk in that category wouldn't necessarily be covered as part of operational resilience uh but then we have technology failures and damages so that's where you have it systems going down due to a hardware failure or cyber attack uh then those sort of risks are covered in in the technology failures and damages category and the last one is vendor failures and damages so this is where yeah if a vendor breaks down due to which you're not able to provide certain services to your customers then this would be covered as part of operational resilience so you can see that there is a lot of content in this library which is very relevant for from an operational resilience perspective and on this slide you get an idea of the the volume of the 
content we provide as part of the app so i talked about the 126 risks there are 213 causes mapped to those 126 risks uh there are 728 controls for those 126 risks and similarly key risk indicators 1766 and financial reputational business impacts collectively make up 79 impacts as part of the library so that gives you an idea of the volume of content you would get as part of the app and you will see on the on the app store that the app is free uh but it does it requires you to purchase the content license directly from risk spotlight uh and then i've listed the price here of 9990 uh if you want that content then uh you can get in touch directly uh once we receive the payment then we will allow you to then download that app uh from the app store and all the content then will be available as part of downloading that app so manoj we do have a question here really quick causes in um servicenow terminology are control objectives correct uh so i have a table later so let me show you the mapping yeah yeah so here is the uh here is the mapping we can talk about that now yeah so risks we the risks we have equates to risk statement in the grc app causes its causes controls go into control objectives oh sorry about that uh and then KRIs will go into indicator templates and those impacts we have they map into the consequences of the grc app okay perfect so that's where yeah we do allow functionality that the content then from the app can be copied so let me just do a quick preview uh of the app so you can get a sense of what is included in the app and then i'll hand over to theresa so so here i am logged into servicenow so if you once you've downloaded the app you can type orl for op risk library and that's where you'll be able to see these tables so if i click on all orl risks then you will be able to see all the 126 risks here and then if i was to take let's say the atm fraud risk i can right mouse click click on summary and i can see a quick summary view of all the content 
associated with the atm fraud risk so you can see the different causes the impacts you can see the 48 controls which are associated with that particular atm fraud risk and then you can also click on a particular risk to just see all the details associated with one given risk so i've drilled down here in atm fraud risk so you are then able to see more details around the causes impacts controls and key risk indicators and of course you can open any of those uh data to see more uh details in this case i've opened this one control where you're able to see the title and the descriptions and then also what are the other risks that control uh is mitigating then uh one of the things uh customers typically do when they they utilize the content is that they first go and determine which of these 126 risks are relevant for the organization because if you are an insurance company then uh risks like atm fraud may not be relevant for you similarly if you're a retail bank then some of the risks around insurance fraud may not be relevant for you so so in the application we've given a functionality for you to be able to say whether a certain risk or control or KRI is relevant for your organization or not so you can just right mouse click and then mark those uh uh content as uh relevant uh and then this is relevant flag will then allow you to easily see what are the different content in each of the risks and causes and controls where you've already marked as relevant and then you can also right mouse click and copy to grc so that's where when you do that then that functionality will copy all the data from our tables into the relevant grc tables which i had highlighted earlier so so that copy functionality will automatically then take all the content from the the application table into the right tables in grc so all that data is then populated there and then you can start utilizing that data for your risk management purposes so manoj another question for you um does the risk 
spotlight library come layered in level one level two level n plus one risk taxonomy uh so we do have yeah a categorization there are two levels of categorizations so if i click on filter then we have categorized them by the basel risk category level one and two which is commonly used uh but we also have our operational risk level one and two but we've created those as fields so if i if i want to just see content related to external uh theft and fraud then i can sort of yeah type that and click on run and then it'll only show me the risks related in that particular category so yes there are there are two levels of categories around the content perfect is it possible to add additional levels or is are those two pretty well hard coded there so i mean once the customers download the app then this content here belongs to the customer so they can make whatever changes so if they want to change you know some of the titles they want to change some of the description uh because that's another tailoring customers will need to do so that the language which is used you know reflects the risk language used in the organization so of course your customers can then change those level ones they can add more if you know it's suitable for the risk framework in their organization awesome um there's a question here is it possible to see an example of the copy to grc feature to how it looks in the tables i'm not sure we can do that right now but so it will be yeah to those respective tables so i can show sort of one quick one where if i click on control so if i see okay so this one process to review improper business practices so i can see copy to grc uh a flag is false so i can just right mouse click and click on copy to grc for that particular control and you'll see on the top you get this message all records inserted in control objectives and then you can just open the control objectives table and you will be able to then see uh that record would have been added in that 
so if i sort of uh filter for anything which was created today so if i do create it so create today okay so that's already here so click on run and then that's the control which we just added so i can then click on that particular control so now it's part of the if it's part of the grc control objective table where i can open that and we then copy the title of the control we copy the description of the control and then there are some certain other attributes also which you can configure now because this is what customers would configure on their site so at least here the title and description we can definitely copy from our library very easily into the control objective but there are certain other attributes which also then can be configured on on the control objective and and everything else works in a similar way uh where you will you can then go and look for the content so once you do the copy to grc then depending on what you have copied you will be able to find that content in the respective tables highlighted here and it took about three seconds which is wonderful okay no so so that's that's all i had so yeah in in summary it's a fast tracking that if you if you want your good quality content because that's always a struggle in in operational risk and operation resilience project uh then that's what yeah we are we are helping this app is to fast track you to get to a good quality content so you can get on with managing your risks and in as effective way as possible so so that's from me theresa i'll hand over back to you i'll start the sharing fantastic let me just grab your screen really quick this is great thank you so much manoj thank you so much ashwin um i think this was was awesome our community is down so unfortunately a lot of people could not join us today but this recording is going to be on the ask the experts playlist so it will be there everybody that wants to go view it later yeah we are back up um the community is back up oh wonderful um so please 
you know visit us on servicenow.com.risk or you can actually look at the the application that manoj was talking about on the servicenow store please you know engage with us on our community and watch on the other ask the experts let me just see if we have any questions that have come in since the community came back up i don't see any so i want to just say thank you very much to manoj to ashwin and to all of our attendees and um if you have any questions please reach out thank you very much happy holidays yup happy holidays

View original source

https://www.youtube.com/watch?v=wxGnChIlhHs