hi this is joe montgomery solution architect with servicenow integrated risk management and today we're going to talk about the cdc content pack that's recently been released and how we can help organizations to leverage that content to return to the workplace safely so as organizations evaluate and balance the readiness of their employees returned to the office space they'll need a tool to engage their employees and track that data both of the employee wellness and their readiness so if an organization is leveraging the servicenow return to work applications that have recently been released to assist in that effort then they're already gathering critical data um and storing that information in the servicenow platform information like health screening of employees and ppe inventory so ultimately the transition will occur from the question of are you ready to open to how do we open safely and to answer this question the cdc has released their guidelines on the necessary steps to take or what controls do i need to have in place in order to open safely with servicenow policy compliance modules and the cdc content pack we can help organizations not only know what controls they need to have implemented but to continuously monitor those controls in an automated fashion by evaluating that data that we're gathering and storing within the platform from those other applications so for this example this organization has adopted the cdc guidelines as their framework for measuring the safety of returning to work post covid19 these guidelines provide detailed controls and example policies for facilities departments and the enterprise to ensure the safety of their employees returning to work so we're going to start by focusing on the policies here so i'm going to open up the policies we see this organization has a handful of policies uh standards procedures throughout their across their organization and towards the bottom we'll see those department specific guidelines the facility specific guidelines and the company specific guidelines so part of that cdc content pack that we've released does map those controls to specific parts of an enterprise to evaluate the readiness of returning to work or the safety as you return to work so for this example we're going to focus on the facility specific guidelines standard here so as we open up this policy we'll see that this is really just a placeholder policy that we've released and that's the same for for all of the policies the intention is that your organization can take your policy or develop a policy around your specific guidelines for a facility or for each department and you can take that content that we've mapped and apply it to that policy so we'll see again this is the facility specific guidelines and we can see that we have and we have already mapped the entity type of facilities so this is this is the location table within the platform so you might even already have content loaded within this table and so we can automatically apply all of these controls to the various facilities so we can see with with this facility's policy we have 90 control objectives so this is 90 different controls that need to be implemented for a facility for a location prior to or as a part of opening safely so these are the 90 controls that that were released with that cdc content pack so we're going to focus on one individual control called monitor workforce for indicative symptoms do not allow symptomatic people to physically return to work so we want to monitor people's symptoms prior to allowing them to return to this facility so i'm going to open up this control objective and the first thing that we'll see is that source so cdc covered 19 that is the cdc content pack so we can see that this is one of the one of the many controls that we've released as a part of the content pack we're documenting that source and and then we can see some additional information like the description if we wanted to document the category the classification the type uh that's not information that we're providing but that is there for customers to be able to document what what type of control what category control etc so as we move down to the related lists here we can see that again we're mapped back to that facilities entity type so just a way to be able to allocate this monitor workforce for indicative symptoms control to all of the different entities that fall under that entity type which we'll see here in a moment we're also mapped back to that facility specific guidelines standard that we just that we just saw as well as to the citations so the citations are uh another element of the cdc content pack that we've released and we can see that this monitor workforce for indicative symptoms control is mapped back to these two citations so maintain healthy work environment and then these two citations roll back to the authority document of interim guidance for business and employers returning to coronavirus responding to coronavirus so a quick summary of what's included uh in the content pack we have the one authority document the interim guidance for businesses and employers responding to coronavirus that authority document has 46 citations mapped to that authority document which has 96 control objectives that are mapped to the various citations and those control objectives again are looking at they could be evaluating the enterprise the department or facility and really the entity any entity type and organization has and wants to monitor the return to work at whatever level that that is that's we can handle that and what we are providing as a part of the content pack is at that facility level at that department level and then at the overall company or the overall enterprise level so this monitor workforce for indicative simpsons again this is one control of 96 that we've released and this control is mapped back to multiply multiple citations it could be one or many citations which is ultimately mapped back to that authority document and that allows us the ability to evaluate our compliance with this control roll that up to the citation ultimately roll that up to the overall overall authority documents so that i can see what's my level of compliance with the overall cdc guidelines as we return to work for this specific facility so moving to the controls tab here this is where we can instantiate this control objective to the various entities or to the various facilities that it applies to so we can see that we have this same control applied out to these four different entities so these are the different facilities that we have put we have instantiated the control out to we're going to focus on this 60 east 42nd street in new york as the facility as we go through the rest of this conversation so i'm going to open up this instance of the control and the first thing that we'll see across the top here is the chevrons which which indicates that there's a life cycle associated with this control so we can see that we're currently in the attestation stage of the control life cycle we can see that control name control number what entity is this is this control applied to so that that's the specific control is the objective applied out to a single entity we can see the control owner so the control owner by default will be that facility owner that entity owner and that can be modified if we need as well as the at the station on on this application tab below we can see what attestation needs to be completed as well as who is the respondent and that could be one or multiple individuals responding to that at the station of the control in this case we just have that control owner um the entity owner david would be the responsible party for completing that attestation on behalf of his facility so i'm going to impersonate david here david's role is that in this scenario is a facility owner and entity owner so he's really that first line of defense persona who we don't really anticipate having a day-to-day responsibility within the servicenow platform especially from this kind of grc returning to work type of type of function so what we do is provide a handful of different ways for david to be able to find the information that he's looking for and be able to complete the tasks that he needs to complete on a on you know a simple a simple way so i can go ahead and click on the my controls underneath policy and compliance and and as david i can see all of the different controls that i own i can see a lot of the controls i've already gone through some of the life cycle i can see some are compliant some are non-compliant i can see the different entities that i own so if i want to only see my 60 east 42nd street i can right click show matching and then i can just see all of those 92 controls again some are not applicable i can see some are in the review state some are draft some are waiting for my action in that a test state so moving to what i actually need to take action on i can click on my attestations over here in the navigation menu and i can see all of those controls that are currently in the a test state and i can ultimately drill into this to complete this attestation so again we're going to focus on the monitor workforce for indicative symptoms i'm going to go ahead and take this assessment here so this is is the control implemented we're going to go ahead and say yes attach that evidence so our evidence of control implementation here then we can ultimately go ahead and submit this and then you can see that no longer monitor uh the workforce for indicative symptoms that control is no longer here because it's no longer in the test state we just completed that stage of the control life cycle so as the control owner it's it's a very simple way to be able to find what i'm looking for we also have the option to complete this through the service portal if the organization is taking advantage of the service portal we can complete these attestations through that method as well which is an even easier kind of cleaner interface to engage that first line of defense persona so i'm going to end this impersonation here and we'll be routed back to our our compliance overview dashboard so with this we can see a handful of the different different external regulations or frameworks that we might care about and might want to be measuring ourselves against and and not necessarily just from a covered perspective or returning to work perspective so you can see some of the some of the common frameworks or regulations that we'll see um in the integrator risk management space or a missed 853 iso 27000 but what we'll see here with the cdc content pack release is now we can see this interim guidance for businesses and employers responding to chronovirus so this is that cdc content pack that we have released and so we have the ability to start to measure all of those controls as each one of those controls goes through the life cycle for a specific facility or specific entity we can start to measure that entity for compliance against that against that cdc guidance so i want to filter this dashboard on my 60 east 42nd street and then we can see in our overall compliance report here i can see that i've got 58 or 71 percent of my controls have been attested to being compliant i can see that a little over eight and a half percent are non-compliant seven controls so i'm going to drill into my compliant here and i can see all all of those controls that make up the 58 and what i want to do is search for my monitor workforce so because as david i just completed that attestation which we can see in the related lists here so we can even view those specific responses and we can see in this scenario there have been multiple at the station so this this control has gone through the life cycle a few times or we've kicked it back and and made david re-complete that attestation there's a few different scenarios but we can see each time that that control has gone through a life cycle we can see that attestation and the that overall status of compliance is because we had indicated that that control with with this cycle of the attestation is in it's implemented and it's operating effectively we've attached that evidence so as we go through that control life cycle and we get through the review stage into the monitor stage we go from having a uh more of a an active approach from a control owner perspective in in documenting that the control is implemented to more of an ongoing monitoring aspect and this is where we can really take advantage of the servicenow platform and the ability to monitor that other information that sits within the platform in this case information that we have gathered from the return to work applications so an indicator is a metric that we are using to evaluate that other content within the platform so as that control is in a monitor state and is and is not actively being assessed by the control owner we can take advantage of these indicators and i'm going to drill into this employee returning to work with indicative symptoms indicator and these indicators can run on set schedules with predefined criteria to be evaluated to determine whether this control is is effective or not so we can see here that again this this indicator is is is evaluating the monitor workforce for indicative symptoms that same control we've been evaluating we can see who that owner is david again and then on the schedule we can see what's my collection frequency so we can determine how often we want this indicator to run how often do we want this to automatically evaluate that other content within the platform so we have this indicator set to run daily and as i move over to the supporting data tab this is where we can define what table we're evaluating that content so in this scenario we're evaluating the request for entry that's a part of the return to workplace where prior to an employee being granted access to a facility they are monitored for symptoms so what we have set this criteria to to be evaluated is if the temperature result is passed or access has been granted to that facility and that employee has a temperature that we have deemed to be an indicative symptom really just a fever right so if someone was granted access to that facility with symptoms we could fail this indicator ultimately flag this control as non-compliant through that we have the ability to kick off issues and route that to the necessary individuals as well so this is just one example of of how we can monitor information within the platform uh you know another common one that we'll see especially with the return to work is evaluating ppe inventory so one of a few of the controls within the cdc content revolve around cleaning different workspaces and and so in order to do that there has to be cleaning supplies there has to be ppe and we can evaluate the inventory levels based on the content that we are tracking within that return to work applications as well so a few different examples of really how we can take advantage of that information we're gathering as organizations return to work and leverage the servicenow platform and the various applications that we have in place to to make that a safe process for organizations