live demo of our bcm capabilities so please hang out with us and i hope you enjoy the show we have a series of these so the first one go ahead and go to the next slide aaron there we go we have got a series of these because we have just introduced new applications on the servicenow store and there's even more to come in november so the first one that we're going to be talking about today is business continuity management it's got a brand new look and feel with four new applications many of them that you're going to be seeing today when demo when dan walks you through the demo but that's not all later this month we have our continuous authorization and monitoring application this is a brand new application also and this is really used to automate the steps of nist rmf or really any risk management framework to bring systems online more quickly and then in november we actually have three more of these for you and each of these are going to be live demos so on the 5th of november we've got our application and project risk assessments with the new operational risk dashboard then we've got a really packed one on the 12th and this is there's a ton of new enhancements for policy and compliance audit and cyber security accelerator which is actually for cis top 20. so we've got a that's going to be a really long one that's going to be fabulous and then on the 19th we'll have our vendor risk management where we've added you hopefully you realize in june we had a ton of new enhancements to vendor risk well there's more now in november in october we've released it you'll see it in november external monitoring guidance on vendor portal guidance and issue creation enhancements and then finally in december now these two applications are actually going to be released in our november release but in december you'll be able to see our new regulatory change management application where we have out of the box integration with the thomson reuter regulatory intelligence feed and then on december 10th we're wrapping everything up with our operational resilience webinar where we're going to be showing our new dashboards which really consolidates information from all of our servicenow tools and third-party tools into one place so you can see how resilient your technology people facilities suppliers are so our entire series actually spans from october through december and aaron if you want to go to the next slide you can see how we've got the entire series laid out here please mark your calendars we really hope you join us to be able to see all of the live demos and the new enhancements that are happening this month and next month so with that i want to turn it over to aaron to tell you a little bit about the bcm capabilities awesome thank you teresa and really excited to uh to join the servicenow team and to have dan minter walk you through the the application but just to give everyone an overview and i always like to say if there's a question uh from the attendees please ask if it's probably uh someone else has the question as well and we can address it in uh in real time as we do bcm in real time so uh really excited to uh talk about servicenow's business continuity management application it's been designed and innovated over the past four years based upon a very successful blueprint and within the october release it's a brand new user interface brand new workflow look and feel you know we're always looking to enhance the intuitive nature of our applications it's based upon the native agent workspace within servicenow so it's the similar look and feel across the entire platform it's also the user experience that servicenow is innovating on uh moving forward so as new increased platform features come available within uh the workspace capability it will automatically be included within the business continuity management uh framework here so what uh dan is going to walk us all through is through a recommended practices for business continuity management which includes business recovery includes it recovery includes crisis management incident management essentially anything that you can plan for we can help support and enable as part of the bcm product suite so within the first part of the recommended practice for any business continuity life cycle is a business impact analysis and that's really to help organizations identify what's most critical to them during a disaster right so what are your most critical processes what are those interdependencies that would include applications other processes vendors facilities people all these things that we want to identify that's most critical that you need to help ensure is up and running during a disaster because what we what typically happens during a disaster is that not everyone is available certainly some of your assets aren't available and resources aren't available so we want to be really smart around where these assets are deployed and that's where we identify those in the business impact analysis which then will drive where you want to plan for so once again we're not going to plan for everything but we're going to plan for what's most critical for the organization and then that leads us into your business continuity of planning and i t disaster recovery capability the beautiful thing about doing bcm on the servicenow platform is that a lot of the information that we need for business continuity management is already available on platform uh it's also working together with the other product suites so business continuity management is included in the risk portfolio and so out of the box where we're naturally integrated with governance risk compliance vendor management risk management all these things that create an overall resilient organization and theresa mentioned the operational resiliency framework that's coming out in november that's another reason and capability to really help promote a resilient organization with smart dashboards that executives down to down to uh first and second line of defense people need to manage through an exercise or re event which leads me to the next capability plan exercise and recovery where we identify specific plans or elements that we want to activate in different scenarios that we want to play out as part of the plan and exercise recovery and then how do you manage these things globally well that's where we we we look at this from the crisis management lens and in reviewing the reports and dashboards to help ensure that we're recovering as efficiently as possible that we're collaborating across the globe or across lines of business or across locations and bringing all these things together so as we go forward i did want to just have a quick poll and maybe this is something that you can uh enter into the chat window from uh from this continuity management perspective within the servicenow community you know we have tons of different uh talents and expertise that that we talk through some people are very focused on the servicenow platform in it service management or or hr or facilities management and all these things come together and it really talks about a lot of the servicenow and business continuity management better together scenarios so if people could reply into the chat around if you're very familiar or a little familiar with business continuity management this will help dan and i with our conversations to address any of the questions that that that you have i'll just give you a few more seconds here as people reply now i kind of teased about this uh on the last slide and talking about a lot of these different better together stories and about uh integrated risk management and how we embed um these activities and these resilient or risk activities across an organization and by leveraging a platform we are really the only application and platform that can do this seamlessly so some standalone systems can perform business continuity management disaster recovery and yes they can accept data but apis limit you extremely so when you're on a platform you're sharing activities you're sharing workflow you're sharing security you're you're sharing user experiences you're collaborating and you're in you're also sharing ideas this is the power of a platform that you can leverage all these pieces of data across the platform and really work together as a resilient organization as opposed to a siloed piece of the business that really has the best intentions but this is an opportunity for us all to work together on the same platform and work together across an integrated risk management perspective so before i hand it over to dan the one last thing i just want to share with you is that as i mentioned as i started i'll end is that servicenow business continuity management is based off of four years of experience working with large and small organizations within the servicenow community so global insurance global retail global financial services banking healthcare manufacturers software companies every company is different but also so is every vertical and then we have this experience to bear to make and ensure to help ensure that your program is right size specifically for your needs and servicenow business continuity management has the configurability to help ensure that you are designing a program that fits what you're looking for and that we can help with you to be successful moving forward so dan i'm going to hand it over to you i had some just a quick little background here and as you move forward in the demonstration i'll also go back and check some of the questions great thank you aaron can you hear my voice aaron yes great great awesome all right folks thank you for joining again my name is dan minter i'm a senior advisory solution architect in our irm practice and i was a long time business continuity practitioner at companies like equifax i think we have one or two people from equifax on the line right now uh also e-trade financial and a sprint next hill so some very big footprints fortune 500 companies so i have a little bit of experience and probably a lot of you have uh you know similar experience to me and i've walked a few miles in your shoes so i'll start with this what you see on the dashboard for those of you who are familiar with the servicenow interface is sort of the older ui it is the oversight mechanism for you as it pertains to business continuity management three tabs i'll point out here that are on the screen the first the overall bcm overview status of business impact analyses status of plans and status of exercises the types of exercises and the results of your exercises impact analysis recovery time objective loss scenarios and the business impact analysis questions and how many of them have been answered and then when you get into recovery events in uh servicenow business continuity recovery events can either be exercises or they can be actual events very apropos to what we're dealing with right now with covet 19. uh so this is your oversight mechanism for your bcm recovery events this is your oversight this is your dashboarding this is your ability to have insight at the leadership ability all of the reports and dashboards that you see today can be shared they can also be scheduled to be sent out directly to people who have accountability and responsibility for your overall business resiliency program where the rubber meets the road and i refer to this as engagement and workflow is in the business continuity workspace so teresa and aaron refer to this this is what we call the servicenow ui or agent workspace so starting off again from the workflow perspective i have several different actions that i can take and they pertain directly to the different sub modules within servicenow's business continuity management solution starting a bia creating a plan starting an exercise or starting a crisis event the the ability here for each one of these different actions is very similar it pulls up a modular workspace for you to just add some very quick information to just get the shell created in this case of a bia so i'm going to fill out the name the template and by the way you can create your own bia templates those templates can point at applications they can point at business services they can point at business processes they can point at business units anything that you have in the servicenow configuration management database this is a huge differentiator for servicenow because all of that information is housed in our data model right so you don't have to uh aaron just mentioned this you don't have to build an integration between a point business continuity solution and your it ticketing system your cmdb system it's all in one data model all of the relationships between the tables they're already there we built them for you and it's out of the box okay and the experience for each of these different actions is the same as soon as you click on these ui actions that's what we call it in servicenow it will build up pull up this little modular view and you fill out this information you click submit and then it creates a record so the first step in that journey is let's say that's done for a bia you create a bia and this is the agent workspace interface for business impact analysis you can see here when we filled out that initial screen that i just showed you we picked the business services impact template it could be an application template it could be a business process template the template that you choose will change the impact assessment questions and the dependency assessment sections that are required in that specific bia and you can see here this is very simple everything that you filled out on that initial screen shows up here general information will show up here you can tie the bia directly to business units departments and locations the user administration section allows you to decide who has edit rights and or view rights to the bia and then of course your results are automatically calculated based on the answers to the questions that are asked within the impact assessment section which is probably a good segue so um so dan we had a question in the chat and i think you just basically answered it but the bia are bias against business process or services it sounds like it's really both for any it could be anything i mean literally and i think that's a big differentiator actually that's a good question probably a softball question you can you can uh point these bias at anything that you want which is really nifty because we have the itil model the cmdb on platform that's a good question thanks teresa all right when you get into the impact assessment itself this is where you're answering questions around and of course that template that i showed you earlier in this case we're looking at a business service right and again that service is in the cmdb uh once you set that template it will make a determination based on the template that you create in the system which different impact assessment sections are required so in this case in my demo instance i'm requiring workforce impact regulatory impact revenue impact legal impact you can create whatever impact categories you want and you can set these up however you want so as an example here what are we looking to do we're looking at the impact ratings and at what time frame you actually hit that impact and then based on the answers and the way that i've tuned notice how i did not use the word customized because there was no uh code that was required to build this out i i can tune this to say okay whenever i for example it whenever i hit a moderate uh time frame then i want th the recovery tier and the recovery time objective to be automatically calculated based on that that criteria i can tune that however i want and that's going to be different for every one of our customers which is why we made it so flexible okay as each of these different categories are completed you can see here you have a complete button and as each section is completed the progress indicator for the impact assessment progress will go up the same is the case for the dependency assessment okay and this is where you're building out dependencies between different uh different assets that are again that might be defined in your cmdb uh it might be different uh business units it might be different departments it might be different locations you can see here i pick the location it can be anything you want and again these categories are based on your particular modeling right how you want uh how you want the the template to define what dependencies are are apropos for that bia so in this case we're looking at dependencies between business services and different business processes and we can set recovery time objectives based on the relationship between the two so it's not just the recovery time objective for the the process that you're you're doing the bia for it's also defining recovery time objective and even recovery point objective with its applications for the relationships uh that are built between what you're targeting in the bia and the other uh dependencies that you've defined okay so you can get very granular here on what you're you know what you're defining employees this is just a few examples here applications so here's where you're building uh dependencies between the different applications and in this case the business service the client services business service again once each one of these sections is completed the progress indicator will go up eventually once you get all the sections completed and you as notice how i'm logged in as john chipley here john is a business analyst and or business continuity a member of the business continuity team once that individual whomever that is in your organization or it might be multiple individuals in different organizations once uh all that information is filled out and that person feels comfortable then they move it to the next step in the workflow and you can see this one is already in the pending approval phase for the owner of the bia which in this case is ally williams she's basically the business owner of the bia maybe a business unit leader ali would then have the permissions and maybe even receive a notification from the system to prompt her that she has something that needs approval she'll go in click approved and these uh ui actions that we have at the beginning at the top here we'll drive it through the workflow she could also reject that as well she might look at the answers in the bia and say hey this just doesn't make sense and then reject that and that would send a notification back to john chipley in this case and she could even provide a little commentary on what needs to be fixed okay this is servicenow's bread and butter workflow we do it better than anyone it's noticeable question it's recent can you help me there oh absolutely um aaron actually answered it but i think it's good for everybody to hear it on the video here um does the bcm module align with iso 22301 oh plan do check act most definitely it does no question it mainly the engagement piece that i'm showing you here mainly fulfills the do part of plan do check act right but as far as the uh continuous uh improvement element that plays directly into your overall iso program and ties directly into integrated risk management i'm going to show you when we get into the planning and the event management where that can tie directly into the integrated risk management functionality within servicenow so absolutely you establish that framework you can even measure the compliance with all of your iso 22301 controls as tasks are being completed during a real event or an exercise no other platform can do that okay awesome awesome thank you you're quite welcome all right let's move on to a plan this is a business continuity plan and again you have the overview tab here in the details tab the overview tab is just basically trying to give you an overview of some of the different elements that you're including in the plan uh who are the contributors in the plan again those are people that have either view or edit rights but it also tries to give you the ability to scope what is being protected by the plan in this case we've got three different business processes these processes are in the cmdb and these processes are being uh protected by the plan notice how that there's no rto and no recovery time achievable the rto is coming from the bia which tells me as the plan builder that these have not yet gone through a bia okay so that would prompt me to go back to the step that we just went over and get the bias done before we know what type of recovery strategies we need to define in the in the plan to meet the recovery time objectives the recovery time achievable would be coming from your testing right how how quickly did those processes come back online and then you can do a gap analysis between your rto and your recovery time achievable the details tab much like you saw on the bia cover some information notice the plan template much like we had on the bia the plan template changes what information needs to be filled out in the plan okay so there was a question earlier can i have emergency response plans yes you can can you have crisis management plans yes you can can you have it recovery plans yes you can you can have application recovery plans you build these templates in service now and you define which areas you know apply based on the template that you filled out general information again tying out the business unit and location user administration defines who has and you know contributor capabilities as well as view rights to the the plan the documentation section is where you can create one or multiple uh sort of either boilerplate or text sections to your plan so that when you output the plan to a pdf these sections will show up where you want them to so a lot of times our customers will say hey you know i want every plans cover page to look the same or you know i want every plan there's a boilerplate thing that i want to show up in every single plan you create these sections and then that's where you define where you want them to uh show up in the in the plan when you output it plan assets more um granular data on what you're protecting with the plan again based on the plan template which we we use the business continuity plan template it is now prompting me to add business processes that i'm protecting with the plan again if you could build a business continuity plan template and it might include plan business processes and business services and business applications you can build this however you want it's totally flexible to your requirements locations this is a look look up to the locations dictionary or locations table in servicenow this is coming directly out of the cmdb as well right everything the system of record for all the data is service now and and aaron touched on this earlier no need for api integrations right you think about that you buy a point bcm solution and then you do an upgrade on that solution you have to retest all the apis you have to do regression testing you have to pay people to support all that integration that's a lot of incremental operational expense okay tying out to users these would be users in the user dictionary or user table in servicenow uh this would be where you define which employees in the company or individuals that are you know maybe contractor for your company or however works your company could either be assigned to recovery tasks and or receive notifications when the plan is being activated you can see their contact information can be included there as well recovery teams this is where you're actually building out those teams now big another big differentiator for servicenow is where you define these teams and then you can tie those teams to either users which we defined here or you can tie those teams out directly to user groups that are quite often being utilized already in your i t ticketing system in servicenow so you don't have to rebuild the groups and rebuild the teams you can tie these teams to one or multiple groups like a like a network admin team or you unix admin team or your facilities team or your your physical security team in a particular location all that information might already be in your it service management in servicenow you're just utilizing the same dictionary that's already been established you don't have to rebuild it that's saving you a level of effort lost scenarios this is a new functionality in our uh platform uh uh business continuity uh platform where you can define different law scenarios and then within those scenarios you can define the recovery strategies and then you can roll tasks or relate tasks directly to those recovery strategies a lot of our customers have this requirement it is part of iso 22301 so maybe that enhances that answer a little bit but you can get very specific on when you create the plan what loss scenarios are you are you creating the plan for and you can see here this is all pulling in automatically based on the business continuity plan template and you can add ad hoc as well the last piece of the plan is obviously where the rubber meets the road and this is where you're building out your recovery tasks all the recovery tasks can be ordered chronologically uh they can also be tied directly to a configuration item this is tying out to servers assets locations business units business processes that can all be defined on a task by task basis and the tasks can be associated directly to individual users and or assignment groups as i mentioned earlier when we were defining those recovery teams and then there's a workflow right so this one is sitting in the uh planning stage right now once we click click on submit for review it would go on to the person that's the reviewer of the plan and then they would submit for approval and then it would go to ali williams as the owner for approval notifications can all be fired off that can all be handled directly through three different ways in servicenow to build out workflow and none of them require code to build so we have a couple of questions dan that will come in um are dependencies identified automatically and how are the bias versioned yeah the dependencies if you have the dependencies already built out in itom which is another part of servicenow uh in a future enhancement and again this is a forward-looking statement it is on our roadmap right now to add the ability for those dependencies that are already defined to pull in automatically so for example if i went back to the plan assets and i say these are the different processes that i want to protect with this plan if the relationship for example between that business process and the applications that that are tied to that process and the servers that are tied to the application if that's all built out in a future enhancement that will pull in automatically it doesn't today that it can be configured to do that but out of the box today it doesn't good question and then um how are the bias versioned uh well i'll i'll interpret that and the only way that i can think of it uh yeah so when you create a business impact analysis and you know you want to do maybe a annual iteration of that same bia you can reuse the same template next year and in servicenow the platform has what we call insert and stay so you just do an insert and stay you create a new version of that and then maybe make a few changes change the due date and then move it through the workflow that way you'd have two copies of essentially what is the same bia but it would represent two point in time sets of answers so that's easily solvable with the platform perfect um one more quick question about um reporting are you going to be touching on um bcp reports and being able to generate formal bcp reports yeah well i tried to touch on that here on the uh system of oversight that i started the demo with okay but it's not any different than you know creating reports for anything else in servicenow right you have the ability and you can see actually this user has edit rights on uh on these some of these reports so what you can make changes to these and this is all a drag and drop interface right reporting in and of itself could take 45 minutes to go through but again this doesn't require code if you wanted to create a vertical bar graph horizontal bar graph a pie graph a donut graph you can actually do that directly from a list view in servicenow which kind of looks like a spreadsheet okay so it's very easy to create reports and we do deliver out of the box reports hope that that sounds good yeah they were also asking about mail merging reports um yeah i know where that's coming from yeah so yeah um if you have multiple reports it is platform functionality to be able to export a whole dashboard to a pdf or you could take individual reports that are showing up on the dashboard and schedule those to output to users via email or share those reports or share those those dashboards with other people in your in your organization but if you want those reports to output so you can include them in your um powerpoint presentations and things like that that's platform functionality it's not just specific to business continuity you can do that in anything in servicenow fabulous thank you you got it all right so we took we took a look at the business continuity plan now let's transition over to an it recovery plan and you can see we changed the template that we created this plan to an application dr plan right so now when we look at plan assets for example we're targeting business applications as opposed to business processes we could target both again these templates are configurable you know if you have an application dr plan and maybe you want to target applications and you want to target something else you can certainly do that there's nothing stopping you from doing that all right similar to what you saw on the business continuity plan you have the overview tab and again that's showing you what you're protecting with the plan how many recovery teams are involved here how many recovery tests do you have any attachments again this is just platform capability and service now and again if i wanted to generate a pdf output of the plan since this plan is in a workflow state that will allow me to do that i could click generate pdf and it would output the plan to a pdf document okay details tab very similar to what you saw on the uh business continuity plan again we're looking at a different type of plan and the type of plan the template also defines the type of plan right so you so if you you use an application dr plan this drop-down might change right we have this set up to where you know basic based on an application dr plan it will offer us these three options but maybe i had a crisis management plan or emergency plan that somebody asked about earlier this drop down could change accordingly based on your requirements sorry everything that you see every field every drop down everything is configurable within servicenow documentation we already went through plan assets in this case because we chose the application dr plan template we're pulling in and looking at protecting business applications locations same as business continuity plans although maybe you want to have multiple application locations rather you might want to have one for your production location and another location for your dr location or if it's cloud-based maybe you want to define those locations of those cloud-based data centers users is the same as well the recovery teams in this case we're targeting more technology related recovery teams this is definitely a case where and i did this actually in this environment these groups were already built out in it service management and servicenow and i related those recovery teams directly to those technical groups and i didn't have to build those groups they were already there lost scenarios much the same but now we're targeting more of a technology type loss scenario and then the recovery tasks of course are more technol technology driven assigned directly to groups that are more you know technology teams and then if i want to generate this pdf i'm going to take a moment we'll let that spin up for a minute and i'll move on to an i.t outage we'll come back to that all right so we have in this case a recovery event the recovery event is an exercise as opposed to an actual event and by the way you can take an exercise and make it into an actual event during the the exercise if you needed to right that's just one attribute that you set and when you set that attribute it changes what shows up on your dashboard okay you if you remember earlier there was a dashboard that i showed you on right here where it showed me the events by type actual versus exercises and all these reports are interactive as well i can click right in there and bring up those records so going back to the plan now or to the event i've now decided which plans i want to activate now what happens is and you've probably seen this in some other point business continuity solutions servicenow will create a point-in-time copy of the plan why because auditors and regulators are going to want to know what the plan looked like on the day of the exercise or during the time that you were exercising those plans right so every time you activate either during a real event or an exercise of those plans servicenow creates a full copy of the plans and instantiates creates a copy of that plan point in time the next area is the ability to tie out the event ad hoc to any configuration items that are in the cmdb again this is a differentiator for servicenow because we have the cmdb on the platform event tasks are the instantiation of all the tasks that are defined in the plan so much like the fact that servicenow created a point in time copy of the plan it also creates a point and cop point in time copy of all the recovery tasks within the plan and then the recovery order that no matter what what planets assigned to these tasks can be ordered uh regardless of what plan they're associated to this is definitely applicable to an itdr where you may have hundreds of different applications and hundreds of different plans that you're exercising in one big data center failover like what we used to do with etrade we had 168 applications that we would recover in one exercise all the tasks you can order because you know a mainframe application might talk to a mid-range application and task number five for the mid-range can't be done until task number three for the mainframe is done so you can take all these tasks regardless of what plan they're associated to and order them however you need to to make sure that the recovery order taking the entire recovery effort into account happens exactly in the order that it needs to happen you can even run tasks in parallel as well and notice how the assignment group and uh the prioritization of each one of these tasks is being pulled in automatically based on the recovery task as it resides in the plan itself now a couple other things i'll point out huge differentiators for servicenow aaron mentioned this earlier and it is very important to point out the ability to take a recovery event whether it's an exercise or an actual event and tie it directly to integrated risk management and servicenow and define a risk event that would allow you to track the material the monetary impact if it's a real event now if you think about what's going on right now with kovid different organizations are being asked to track the expenses related to the activation of their business continuity plans and strategies and how the activation is impacting residual risk in their organization this ties directly to the risk register in integrated risk management and it ties directly to your compliance question earlier on iso 22 301 this would be one of two mechanisms that would allow you to measure not only risk but also compliance against your iso 22 301 requirements in near real time the other thing when you activate the event tying directly to another aspect of servicenow's platform which is security incident management right so since cove had started for example there's been a 667 increase in malware and fishing well as the crisis manager of the organization and the person that's managing the event i need to know if there are malware outbreaks in my organization same thing with it ticketing this is where you're tying directly to it tickets where servers are down or infrastructures down in the data center what is the very often the catalyst of an i.t outage and a declaration of dr multiple it tickets that are coming from servicenow that are telling you we have a big outage vendor risk management another element of uh servicenow's irm where you can tie directly to vendors and understand the vendor risk or supply chain risk and then lastly vulnerabilities do i have vulnerabilities that are not patched on systems and they can potentially be exploited going back to my malware example earlier business resiliency is not only people in process and systems going down as a result of you know physical problems with databases and things of that nature right database servers it's also the security and cyber resiliency of your organization as well now i showed you how within this system of uh engagement you can go in from the uh engagement workspace here and create a recovery event now think big what if you had the ability to go in here and have a portal where you could create events directly from a chat bot and just chat that information in or if i could see the status of all my systems in near real time right so with one click i can look into my server infrastructure environment and see the health of all my systems can't do that in a point business continuity solution that's the power of the platform that's the difference that servicenow makes what if i could go in and plot all of the activation of my plans on a map and then directly get to my plans from the map i'll take a second to pull up and there's my activated plan and here's all my event tasks so huge differentiation within the servicenow platform i'll take a step back for a minute we'll answer some questions after i go through two other things several times during the demo i've talked about templates your bia templates so these are just some examples and what those templates and this is just the way that we have it built out for our demo these different templates and what they're targeting so i've got an application bia i've got a business capability bia that these are all tables that are in the cmdb a lot of people ask me during demos well what if i don't have a cmdb that's very robust well that's not a problem you can populate this information you could even use the bia to begin to inform your your cmdb so well so while we're on the topic of templates um dan someone's asking about seeing the the disaster recovery template do we have one of those i've got a application dr plan i mean that's the one that i showed earlier i also have a data center recovery plan there we go so we've got two of them yeah and you can see what it's targeting over here this this is targeting applications this is targeting data centers but you can target whatever you want okay and the difference you know between these templates and the way that see when you document these these templates you can choose which sections are applicable in other words what areas within the plan when you go back to the plan need to be filled out and that even show up on the layout based on these sections here and you see the lost scenarios can automatically pull in as well so we our objective when we built this is to make it flexible and tunable for your needs we don't want to get overly prescriptive because then we paint ourselves to a into a corner and that your requirements might be different than five other customers that we have we want you to be able to build the templates out the way that you want it all right and then the last thing i'll point out here and i've mentioned this a few times and i can't over emphasize this enough being able to understand risk this is an example of a pandemic risk dashboard where i'm looking at iso controls or business continuity specific controls or one of these is cdc controls that we pulled in and based on the completion of the tasks for a pandemic event it automatically tells me whether the control is satisfied using our integrated risk management control indicators so i can tell not only are my tasks completed but i'm satisfying all my compliance requirements and i can tell that in real time i can also see risk in near real time and how this heat map will change as tasks are completed so a lot of you know somebody had a question on dashboarding the dashboard capabilities in servicenow i mean think of something in your imagination and you build it so here's a question for you dan what is the prerequisites to use the bcm module successfully will it stand on its own or do you need to have a bunch of other applications no you absolutely don't i have i have demo instances where all i have uh installed is the bcm showcase i don't have anything else installed that will not stop you from doing bias because everyone thinks that the cmdb only comes with the it functionality in servicenow that's not true no matter what you buy if it could be vendor risk management it might be bcm it might be hr some of the other things that we do no matter what you buy you get this the the cmdb tables right so you don't you know you you can operate completely independent and still be very highly functional in your business continuity program awesome well we have a couple more questions would you you want to take them now or do you want to show us something else no i think i think that's it you know i wanted to leave 10 minutes for for questions so let's let's go ahead and knock those out we got a lot of them here um i know aaron i don't know if you're seeing any that you want to answer i've been hitting some of them uh live on the chat perfect um go ahead so here's one um can third party dependencies be accounted for in i believe this is out of band solution uh so i think that refers to um you know like applications and applications in the cloud and uh how different business processes are tied to supply chain vendors i mean i'm just guessing that that might be right but the answer is yeah i mean this servicenow is uniquely set up to be able to solve for that use case i mean out of the box the relationships are there all you do is you plug in those different modules like i'm just thinking of vendor risk management or vendor management which is part of it ticketing and you know you the relationship between business continuity and vendors is there you just saw it earlier when i i showed you the vendor risk management tied to an event i hope that helped yeah i i wasn't quite sure exactly what that was yeah um in order but another question around vendors actually so in order to integrate with vendor risk management with bcm you do have to buy the vendors management module you do yes okay so let me i'm sorry go ahead yeah yeah okay so the answer is yes to tie to vendor risk management you do have to own vendor risk management to tie to vendor management which is not the risk component it's more like contracts and slas measuring slas and vendor performance that's itsm that's the it ticketing so you know and you know if you had all three of them that would be a match made in heaven right but yes vendor risk you have to have the drm vendor risk management so basically what we're saying is you know we collect information from a whole lot of different servicenow products and third-party products that are then consolidated in our platform as long as it's in the platform we can use it in bsbcm that's right that's exactly right i mean a perfect example is i showed earlier vulnerabilities right so if you have a vulnerability scanner and that pulls into the vulnerability response functionality in servicenow now you'll be able to tie your you know vulnerability management to your business continuity uh security incidents going out and pulling in event data from sim technologies to understand whether bad actors are doing bad things in your network uh that would be another example for vendor risk management things like bit site or security score card or risk recon all that information pulls in scoring and now you can use that as an outside source other than your normal risk assessment to understand risks associated with vendors so all that just three examples can inform your business resiliency program and again i think we're uniquely positioned to do that everything i just described you can't do in a business continuity point solution yeah and and you know apis absolutely and the more the more applications you have the richer the data but not that we don't want you to buy the applications um even if you just have itsm you can integrate with third-party applications and you can pull that data in and you can put it in the platform and we can use it so you know we'd love we love you to be able to buy additional servicenow applications and we think it significantly adds value but it's not a prerequisite for making bcm valuable right um i'm going to skip around a little bit um here's one how can we quantify the bia with monetary amount yeah that's a great question let me jump back to a bia because pardon me some of our customers want to take a different approach than we than i showed you so if i go back to this client services bia we do have customers that instead of having impact ratings like low moderate and high they might change these impact ratings to say like zero to fifty thousand dollars moderate might be fifty thousand to two hundred fifty thousand dollars right and you can change the language here and then when you roll this up and you report right you can change the language so that you know the impact rating maybe you have a calculation that says okay tell me when the impact time frame is uh matches moderate and then that is what i want to drive the recovery tier and the recovery time objective and then i also want to create a report that shows you know what monetary uh value is does does moderate mean right instead of using low moderate high or like a five point scale you can change these impact ratings however you want so when you create your reports you're you're reporting in terms of you know uh uh money monetary impact uh as opposed to you know just a three or five point scale and since you mentioned reporting um a question about you don't you have to have admin rights to do reporting and servicenow to be able to create ad hoc reports no yeah i didn't think so no as a matter of fact matter of fact this user right here john is not an admin and you can see right here john has the ability to modify this dashboard the way that works is if you create a report regardless of whether you're an admin or not you own that report and you have edit rights to that report you can delegate permissions to other people you can delegate permissions to other people based on their roles you can delegate permissions to that report based on their group so that's where you know user access permissioning comes in but you can get very granular on who can see what and who can edit what and you don't have to be an admin okay perfect i know we're coming up to the top of the album but there's a couple more questions here the one is um we i don't know if you still have it up or not but we were waiting for a pdf output to apologies and you want to skip back over to that yeah and then we have a question about your fabulous location map okay sure yep let me open the pdf here and of course this is all this is all templated right i can change my logo you know from the acme company or whatever it is this can all be changed but this is just an example this is the summary remember i talked about the the document sections you know this might be boilerplate for your company or whatever now we're talking about the checklist teams right that's outputting the teams that were defined in the plan the different lost scenarios that were defined in the plan and the step-by-step recovery tasks and of course this is all you know uh configurable okay and then the last thing is your your fabulous location map oh yes um being able to get to that is it you know through a service portal and you know and we've got several things on our service portal actually for our frontline users yeah so you know being able to access a lot of the maps that we have and a lot of the you know policy acknowledgements for example or reporting risk events things like that we can we have on our service portal and um i'm assuming this map you could actually set up to be able to be accessed off of the service portal also that's exactly the way we built this um yes so there is mapping functionality on the platform and that's what we built uh on this portal so i'll go back to the portal i know we only have one more minute and from the portal i just clicked on that link this is kind of a widget that we create in the portal and then that will bring up the map and then the location of the the plans because each plan is tied to a location it's using google maps in this case to geo locate based on address that's associated to the plan and those addresses are in the location table in servicenow awesome all right well i think um oh we got dan good stuff comment thank you dan dan is amazing um so aaron why don't you go ahead and grab the ball back and while you're doing that can you tell us we got a few questions about you know is this we'll put up the slide that shows what we should be doing tomorrow and um and then you can maybe tell us about answer some of the questions here about or you know we're going to have a certification class is this a replacement for maestro aaron can you tell us a little bit about those things yeah so uh we're at the top of the hour so i'll keep it short and sweet but um so the servicenow bcm is based upon the architecture of maestro and uh so we're leveraging all the uh the experience and uh uh use cases within maestro and uh so that's that uh the other piece of it was uh what was the other question the question certification training certification yes that will become available next month and um you know we'll help our partners and customers and prospects with their enablement wonderful well thank you so much dan and aaron this was fabulous it was definitely jam-packed with information we appreciate you guys and we appreciate all of our attendees hanging out there um thank you very much and check out all of our other ask the expert recordings out on our playlist thanks teresa thanks everyone have a good day bye