is you know this is a part of a series and besides this there's a lot of other things up there too that are really really valuable to see how how we're doing you know how we're how we're using our products in the internally or how you know the new enhancements that are coming out or some of our partner integrations and how that you know that can be used to to you know help customers and do really get more out of the product basically yeah really you know the art of the possible and really leverage the product as much as possible yeah I know we're just at 12 well 1001 Pacific time so I think we still have maybe one or two more attendees that might be joining us but as this is being recorded we will include these links of the reporting into the chat and so okay with that Theresa welcome to another ask the expert of s yeah thank you so much yeah this is actually this is one of my favorite events and and they're so valuable and I love the fact that they continue to live on on YouTube so we will post the link to the playlist of all the ask the experts in the chat window um so all of you can can find it thank you so much for joining me and my colleague industry as we talk about the new enhancements in the Paris release as hopefully all of you are aware we released some new applications on the store in June we are really excited about that and we've had a couple of ask the experts already to highlight these new features the first one we did on June 22nd so you can find that in store we talked about our advanced risk assessments and how we are now able to assess any object whether or not it's a GRC entity we also added automated factors or the ability to automate the collection of responses from the platform for questionnaires so this is really about increasing the efficiency and giving you more of a real-time view of what's happening and then risk events we've integrated with a lot of our other products helps you get a better overall view of your risk posture because you're now engaging those frontline employees the people in HR and customer service and in in the security team so that when they see something they're able to easily report it just from a button right on the application they're using they don't have to go outside of the application that they're familiar with on July 19th we had a Jorge come in and he gave us an amazing demo on some of our risk management capabilities that we've added in June and I'm actually really excited about this because and if you're a financial institution I think this is great for you guys because now we really comply and align with all the OCC guidelines and regulations we've added vendor hierarchies because we recognize that it's not just third parties its fourth parties or maybe even fifth parties that need to be assessed and and they need to be assessed in certain ways is it engagement a project maybe a product and each of those are different and then we really got granular and said I know you as customers want to know where is this risk coming from is it coming from financial risk is it security risk is a reputational risk is it coming from this particular fourth party in one of your subsidiaries you know so then you're able to go in and triage that a lot better work with the vendors to us to them to bring them up to to par or you know looking at them as a resilient standpoint maybe you need to go and get an alternate vendor so very excited about that and today we are super excited because we have a new tree coming to talk to us and today we actually have another store release and a couple of these features are going to be added to the storm release I realize now that I actually left one of them off but we are talking about politics sections for vulnerability so this is another one of the ways that we help our other groups in this case it's purity teams and vulnerability response personnel be able to report Paul's exceptions from within their tool and then one of the two new features that are just introduced today are the application owner dashboard for the CIOs and for service owners and then the thing I left off was actually the dashboard for the audit managers so our audit dashboard has been updated to in a nursery is going to walk us through all of these things and at that I'm actually gonna turn it over to her to be able to talk to you and show you what we've done thanks Jason hi everyone good morning good afternoon good evening um I'm really excited today to talk about our couple new features that are coming up on the policy and compliance side and Esther has said they are going to be helping different personas your policy exceptions are going to be helping in your politic policy and compliance managers as well as the requesters who are from their mediation owners of the one an empty response and we have application owner CIO dashboards helping our application owners and CIOs to monitor compliance risk and audit side of the organization as well as the audit manager dashboard we'll be helping our audit managers what I'm excited about these features or all of them are related to bringing more than one ServiceNow applications together what we internal we call them as better together because we are going to be starting with the policy exception for vulnerability response where we are integrating with our Liberty response product from security business unit and we'll be showing you the value that we are providing from winning in these two features together similarly our application owner dashboard works really well or its integrates with our business application tables coming from our business application product from IBM business unit so I thing about these couple of features and I'm really excited to share them today so with further ado I will go ahead and show my selfie I have a combination of a deck as well as the demo for you guys alright so I'm gonna go ahead and share my desktop so we will be starting off with policy exception for one every response feature and then I'll get into application res dashboard and audit manager dashboard so the policy exception management I just to give you a little bit of background of what it is so we release this feature a few releases back policy exception is basically a temporary release that a control owner or any user end-user first line of defense user who are owning the controls or someone who has who needs to come be compliant with the conventional right they they if they for some reason they need a template already for exception to curb to be compliant with those controls they can go ahead and request exceptions what we have in the product today is we have a capability to request exception for a policy for a control object which generically called as controls or issues right and when you request exception it goes through the whole workflow of approval and verification risk assessment and then finally the exception is approved there's also capability to extend the exception in case you're not able to comply with in with a control for a certain duration you could also extend it right an example that I have listed on here is if you're unable to meet a control object or for patching say critical servers right which needs to be patched within 48 hours for some reason the servers are also flying you could go ahead and request exception using GRC because you're managing these policies and controls in GRC it also makes sense to request exception and manage the exceptions within GRC so with that what I'm gonna explain you is what we added or did enhancement to a policy exception and a release last year as well as their release this year in June what we did last year November store release is the expanded or policy exception framework to accommodate requesting of exception from any ServiceNow application so we you can pretty much inquest exception from say change request for a change request for an incident for a vulnerability vulnerable item vulnerability group or any application that you would want to indicate the exceptions policy exceptions for right so you could request exception for anything so we've expanded that framework so it becomes very flexible for you to manage the policies as well as they request exception in policy and compliance now what we added in our June release is a specialized case for vulnerability response product a security product so we we enhance our policy exception to accommodate this end-to-end use case where as a remediation owner who owns the controls related to a Liberty response related policy you would be able to come in to the product and request exceptions for any of the vulnerabilities that you are not able to patch or close out right so in this case you could request exception for one little bitty group or list of vulnerable items and for the controls which you seem with which are basically non-compliant or you're not able to comply with those controls once these exceptions are requested those are analyzed in GRC and someone from the compliance team or risk team would analyze all the information that they gather and then approve these exceptions once the exceptions are approved you can actually see the state change on that later one edible items or vulnerability group so they they would be they would be changed as therefore on the GRC side you could see the temporary relief on the controls so the controls which are non-compliant before can become compliant for certain duration of exception so you're good for that certain duration from the reporting point of view but that doesn't mean your risk is lowered right your risk still remains because you haven't patched or you haven't remediated that arrest when the exception expires of course everything goes back to its original state so you're vulnerable items you're one empty group will reopen again and you need to make sure that you're patching those things so it's just a temporary relief it's not a permanent exception now with that what we added in this release is an ability to request exception of course from one ot a response product and then we are also providing additional capability for a compliance management team or a risk management team to ask additional questions to these requesters so you could you could pretty much configure any questionnaire for asking questions to the end users while they're requesting exceptions we've also added a couple of approval processes or verification processes the verification process the process basically works when a requester requesting an exception for example say remediation owner has requested an exception and once they request an exception they still have some information maybe they don't know about the particular control objective that they need to be compliant with they PI just know the policy that they need to comply with right so that when they requests exceptions some information might be incomplete so before actually sending it out to compliance team for approval they will first send it to their managers or say someone in the vulnerability management team will review this exception and make sure the information is complete the exception makes sense so that is a verification process or we've added that as a optional step so you can configure multiple levels of verifications as well and once everything is verified and ready for requesting exception then it goes to our compliance team which then analyze the exception get the information provided by the end users and assess the risk related to it and then they will either approve an exception or they can also further send the exception for additional approvals so for example the risk is very high and they would want to get an opinion from say summon from the seaso theme right the CEO of the organization or a CIO they can also send additional approvals to these stakeholders so that is another workflow that we added as an optional step so you can always request approval based on different conditions from various people and of course after exception is approved the statuses are reflected back on the vulnerable items with that I'm just going to go through the process quickly clear just to give you an overview of the workflow so as the end user you would be able able to request exception you can add reason or additional questions that are asked by the Questor and also the duration of the exception when the exception is created it is now routed to the compliance team once the verification of course is done and then the compliance team will analyze it they will assess the exception they will provide the risk rating they can also optionally send it for review and once everything is done then they can either approve it or send it for additional approvals from the CIO or C's or anyone of an organization and once it's approved all the later be eyes will now be deferred and and of course there's a way for the end users to request extension and enmons takes exception expires you will see that the VIII eyes have reopened again with that I am just going to go ahead and demo it to you let me know if you have any questions before that yeah so that what I have here is an example of policy which is the weather every management policy and which talks about various things related well anybody scare and security aspect suffered I have three control objectives under it which talks about if the vulnerabilities are at a different risk level how should they be remediated right so I have three control objectives here the other things that I have here which are a little bit enhancements to our policy is I have a way for tagging a policy so your have tagged this policy as a VR policy and you'll see in a bit how we are using that tagging we will also have a way to to define the maximum exception duration so if cost if I request to start asking exception more than 30 days they will not be able to request that so they need to fall within this maximum duration and this is totally optional so if you don't have any conditions here then it's an indefinite duration that our customers can I ask exception for I'm now going to my walnut ability group so today what I have here is this is a one every group and the there are 3-1 edible items under that group that I need exception for currently the status of thumb I have an empty group as well as one edible items is open right so this vulnerability is open right now the risk rating is high what I'm gonna do is I'm gonna log in as Lisa who is the owner of this vulnerability group and for some reason Lisa is not able to comply with the vulnerability related policy and a specific control objective so she can go ahead and request exception so once she clicks on request exception you can see that the policy is automatically populated here and that is because we have tagged this policy as a VR policy so if there is only one policy that is available in the system which is tagged as we are it will auto-populate it but if there are multiple policies you will see list of all those stat policies here you can choose from one of them now I'll go ahead and also choose a control object up here and I will request adulation for say until all the servers when I do that you'll notice that there is error message telling me that you cannot accept our request exception more than 30 days that is because of the maximum duration field that I was showing you you lost your get your audio a little bit and while you're walking through this and we have a question about the approval steps so let's say this particular vulnerability was a critical vulnerability and you needed three approval steps versus another vulnerability that might not be so critical might not require as many vulnerability steps or approval steps so when you get to the approval process if you can talk if you could talk to that so do you want me to beat this again if you I think we just made lost you at the very end so I think I think you're good okay so whatever is explaining is you can provide the validity of the exception and of course it depends on the maximum duration that you've configured on the policy then you can provide the reasons here so in this case I'm going to go ahead and say say that the fix is unavailable and that's why I am requesting an exception if you notice you will see a next button right here and when you click on that you will get additional questionnaire that have been configured by the compliance team this is again that this is what I was talking about this is completely configurable you can change the questions as you want for each application that you're requesting exceptions form so here I have three questions but it's completely up to you how do you want to consider this question it I'm gonna go ahead and just write something here and I'm gonna save this questionnaire when I save this questionnaire you will notice that it tells me that the policy exception is created in the background but it also tells me that the the questionnaire is pending so you have not submitted the questionnaire yet so when I click on this policy exception I see that there's an FIR message on top which asking me to complete the question in here and I also see it take questionnaire button right so the end-user you were able to see the repulse exception that you've created with all the details that you filled in right um you see that the source application and vulnerability response you also see the source record from where you're created the exception is the vulnerability grew right and then there are three vulnerable items that are populated here as well on the policy section so I'm gonna go ahead and click on take questionnaire and let me add something here and submit this question so when I submit this questionnaire you will see that the substitute has changed to pending verification so now my questionnaire is gone to someone and my management team for verification now if I look at the verification approvals I see that these are the two approvers that need to approve and they're part of my my remediation own management team so I'm gonna go ahead and log in as one of them so is there is there a way to change the number of approvers or the number of who-ville steps based on the criticality of the yes ability you're able to change the verification approvers at least right now it's simple it's not based on any condition but when it comes to approvals actual approval of false exception you can change them based on their risk rating like you said or other criteria so I'm going to go ahead and show that to you in a bit you know when I go to my approvers I see that one approval is dating for me and I can also see the details of the policy exception and I'm going to go ahead and approve this once I approve this I will see that the policy policy exception should be moving into the new state the analyze state because the other prover is no longer required once if I have approval and this is again a configuration so you can choose whether both of them must be approving or only one of them must be a Pooh okay so I'm gonna go ahead now and impersonate as a compliance manager because that is how that is the team that looks at it looks at the policy exception when it's an analyze see so this is the policy exception that has been created and I see that there is it I can assign it to myself and I can see there is a new section that we've added we actually renamed existing section to risk assessment and I can do as a compliance manager I can perform the risk assessment on the policy exception here so what we had previously was there was indication with this application and it was a tight integration where this team only can come in and analyze the exception and provide that is creating in this case we've kept kept a little bit open so even someone from the compliance team who's analyzing the exception can review it and provide that risk rating what we're going to do in the future releases is we are going to be indicating with our advanced risk assessment which which you guys saw so a webinar for some some days like like there's a mention so we will be indicating with advanced risk assessment here so if they want they can perform advanced ask assessment on the policy exception and then get the risk rating from their assessment in that case you can bring in risk management team to perform the risk assessment here I'm simply going to go ahead and make it as high what I as approver I see all the information I can also go in the source and I can see the link to the question as well so if I want to open up the questionnaire I see the answer from my requester I see all the details that I was showing to you before so you can actually see debug little items not have the required role but they need to have required role to see the iana little items as well and then once they analyze everything they can go ahead and save this and they can either approve it or they can send it for optional review um let me go ahead and send it for a review and once it's sent for a review someone from compliance management team can come in and review it now as a reviewer what what I am doing is I'm reviewing all the information and I'm making sure the risk rating is also correct in this case if I feel looking at the policy exception the risk rating is too a bit higher on the higher side so I'm gonna go ahead and make it medium and I'm gonna also add my reason why I'm hearing him and I'm gonna save this now as a reviewer again you can't approve an exception or you can request additional approvals as well when you request additional approval it's good to go ahead and create approval records for the stakeholders that you've configured in your approval rule and those approvals are based on various criteria based on the risk rating that you have selected here it is also based on the policy your control object of your requesting section for so I'm going to go ahead and request approval here once I do that I see a link here and it gives me an information about who the approvers are going to be and this is the approval rule that I was talking about so here if you notice I am talking about their risk rating which is I've selected as medium and I'm saying that if this particular policy is selected and this is the control object that has been that the requester is requesting section 4 then I want to request additional approvers in this case I've set up two levels of approval number of the first level sending it to able to Duran Carol and I'm saying only one of them needs to approve but the next level is actually going to Fred laddy who's our founder it's basically saying that at this level whoever is at this level all must be a prune since we only have one person here they will be the one who will be approving it and this is totally configurable and these fields are optional so you can be set just on the screen or basic just on the policy or control objective and you can also decide whether these approval levels should be auto triggered or not so even if you're a compliance team and you have a way for going to the policy exception and just clicking on approve it won't approve automatically at that point because you have configured this rule and you've made this rule auto trigger which means you're making this mandatory step you are making sure that the a policy exception goes for addition approvals yeah I'm just gonna give you an example of one of the levels so you can configure pretty much users or groups here you can select one of the options here you can also select the order of the levels how the approval should be sent out all right so what I'm going to do now is I'm going to log in as the approvers here okay so let me log in as a bit yourself that's a little less exactly will be a bet on what the question was asked about so you may be entered it thank you so much industry awesome so here is my approval that was requested by for me so I bet you did logs in and looks at the exception reviews it and they can go ahead and approve it yeah once they approval you will notice that Carol is not required to approve because you've selected that configuration and we say that only one of them should be approving it okay but when to the six second level so Fred laddie now has to come in and approve it so I'm going to now impersonate as Fred and I'm going to go ahead and upload this once I approve the policy exception now you will see that I'm gonna get log in as a requester so the Questor can monitor the status of the policy exception all along right so if they go to one already group they can see a link to a policy exception under that group and when they go to a policy exception they can see what's happening on that one succession so now they see that the policy exception has been approved they can also see for how long and and then if you notice they can see the status of all the vulnerable items switch to defer from open also the status of the the vulnerability group has changed to therefore so now this VR and this VG and the underlying vis are therefore for the period of policy exception if they want to extend the policy exception they can always request extension and increase the length of the policy exception so that was the end-to-end demo of the workflow I want to show certain things from how you can configure those rules the verification rule I already spoke about the approval rule and how one can go to create this integration between different applications with policy exception so this is our verification rule this is a simple rule which really has no conditions to add by it you can create multiple levels so you can say that for a vulnerability response application I mean I need sort of a pass exceptions to go through these levels of verification in this case I have level 1 verification and I've asked remediation owners to verify and of course approval we already looked at the approval rule which lets you configure the approvals based on the conditions now on the when you install the vulnerability response application and policy and compliance application you will see this option on the one and under vulnerability response application which lets you select whether you want to integrate with GRC policy exception management or or just have a simple vanity response exception management so they are providing this configuration as as soon as you select this option you will see that policy exception but in the UI that you can request exception for the policy exception relatedness and the VG as well as everything will be configured automatically for you now the last thing that I want to show you is the integration registry so this is where you can actually configure come in and configure what kind of integrations you are looking for so in this case I gave you example of one a Liberty response but if you notice I can also integrate with incident management or change management on any other application and request exception from incident if I open up vulnerability response integration registry this is where you will see everything that we have configured so you can see that I am I am saying that my policy exception target table is vulnerable item which means I am requesting exception for my vulnerable items I'm also saying that the entity that I need to look for for my impacted controls to be populated in the policy exception should be coming from the configuration item field so I should be looking at the configuration item field from well the table items and then look for the entities and the related controls for that I'll go ahead and show you how we are populating the control also on the policies section I think I miss that and then here I'm talking about how my vulnerability grew and we are vulnerable items are related to each other so in this case I am requesting exception from vulnerability group level but I'm except I'm requesting exception for my one variable item so that is what have we have configured and your is there you had the question edited so you can you can select the questionnaire you want you can create the questionnaire or if you don't select it it won't show up you can also configure the reason choices here so whatever you configure here will show up on the policy exception request UI so each application in or each company or customer can have a different list of reason choices right they can configure all of them here and we use the assessment designer to question your designer to create our to create our questionnaires and hours an hour yeah so it's built in which is wonderful that's cool so we had the designer you're there you can configure your questionnaire and you can create a new questionnaire these are the list of questionnaires that you can see then you have the the recent choices the default reason choices or the reason tours that you want to confer for specific application you can see that here and along with that the last thing I wanted to show go back and show was the impacted controls that you can also see and our policy exception so in this case right I have one control which is created in in my system which is for the medium risk vulnerability and it is for the entity win as we SF three three one two now when I go to vulnerable items I see that this is what I have a control creator for so through that configuration that we are seeing right now I can now automatically detect that this is the entity that I need to be looking at so any control related to that entity which is related to this control objective should be populated automatically here so you can actually see the impacted controls being populated and again when when the exception is approved you can see the exemption status change on the control as well so with that I'm going to stop here and let let anyone ask any other questions if if you have yeah move to the second feature I don't I don't see any questions right now but you know I just want to point out you know you you had briefly mentioned that this also could work for you know security incidents and and you know being able to request policy exceptions from you know these various applications from within the application is really important from a compliance standpoint because you know tracking the policy being able to request a policy exceptions tracking the policy exceptions identifying automatically when the policy exception expires and then ensuring the people are reviewing those exceptions really does help the company's overall security posture because you're not losing track of these these control failures or potential avenues for attackers by trying to remember whether or not you fixed it or when you were gonna fix it or how long it's been open or any of those things so you know this is this feature although it you know it's it's you guys have crafted it in such a simple way it actually is really important from a compliance standpoint absolutely that's absolutely okay so so it gives you that flexibility to manage any kind of exception in policy in compliance and it gives you the whole view of from the compliance point of view as well as the rest point of view how an exception can affect your risk and compliance posture yeah and people actually do get we got a comment it you know saying what a great what a great thing this is and they also mention the whole concept of reminders I mean people do get reminders when a policy is going to expire could Paul it's exception is going to expire so so yeah it's not like it sneaks up on you either so it really does keep people on task without having a lot of those manual actions that people had to do in the past it's it's automated which again from an efficiency standpoint is fabulous yeah now you're showing us the new dashboard yes this this is great because this just came out today so this is breaking news now this this one is the policy exception dashboard which I'm just trying to show but I'll get into the application on a dashboard which came out today and of it so let me go ahead and share what we have done on the application owner dashboard so the application owner - whereas today's acid is releasing today which is basically a dashboard for our cio or application owners to provide them current or most current view of the risk and compliance posture or any audit related activities which highlights basically what the compliance posture of the organization is with respect to application what is a risk posture of the applications across the organization as well as the status of the shoes remediation past policy exceptions any audit activities related to those application if they've been audited so this dashboard will give you end-to-end view from from from an I of our compliance our sorry application owner or a CIO so good further ado I'm just gonna go into instance and also show the dashboard all right so we created a new application called advanced GRC dashboard that you can see on the left hand side under which we have this application risk dashboard and what I have here is a enhanced PA dashboard with various reports related to application business application in your organization so as a CIO or application owner you could come in and you can monitor all the application in your organization you can pick and choose the application you are interested in as well or you own right and then that will reflect it on the entire dashboard so to only show you related information for the application that you chose now what I have here is the compliance of reviewed tab they were just showing me overview of the controls how they what is the status of those control the percentage of compliant and non-compliant control related to those applications in this dashboard it also shows me an application compliance summary so you can see that per application I can see that they are complying with regulations or policies in the organization and you can also see the status of compliant and non-compliant controls for each one of them so this gives you a summary of different regulation that you are complying with across Organization for all the application you can also filter based on additional criteria or so if you only interested in the application which with the business criticality is high you can filter that and look at that you can also filter based on the control owning group entity owner and also any other criteria related to control site if you are looking for just key controls then you can filter your dashboard accordingly or if you're looking for controls in specific States you can also filter it accordingly similarly we have the risk overview dashboard here which gives you again an overview of the risk related to their application so this particular heat map is the heat map for the application criticality versus the risk rating so this is telling you that your your critical there is a medium credit critical application which has a very low risk associated but there's a medium risk application or there's a very high high application that I can see your which falls under low criticality so this gives you a nice overview of that heat map and then there are various reports here another great example here is the application risk summary report which provides you summary of different applications and the business criticality related to those application along with what information object their application contains this information object is coming from RC SDM CMDB tables and it K tells me that Bob J application contains employee payroll data and which is a highly sensitive data and the risk rating related to this application I see the risk rating is pretty much high so I really want to monitor this particular application because it gives me sensitive data with high risk and I want to see what's happening and by the individual risks are high so I can actually the breakdown of defenders as well here so that is my application risk summary and the next one is the application risk mitigation control status which shows me this application has the risk rating of high or very high and it has two compliant controls but this one informatica with the score of high actually has two non-compliant controls so I definitely need to monitor this guy and along with that again you have filters right here you can choose based on risk rating criticality application owner business owner as well as the business application and of course it can choose the business application that you are interested in similarly I have a risk for shell which is more detail detail for sure around there so that this dashboard or tab gives me details around specific risks and how they are performing so you can see I have like a very high risk in my system I have high res which are 5 and I have moderators I also see how a my acceptance tasks are doing when are they expiring so I would know that this week there are two exceptions of expiring so I need to monitor and make sure in that I am actually remediating that particular risk this also gives us the trend report of the risk that the contributing list basically related with this application so this gives me the trend of various rest that the trending the trending is actually I'm imagining you know really as you get you guys get a lot of questions and requests for that trending I'm guessing because that's that's what I hear a lot and it's so valuable to see not just where you are at a point in time but also you know where you have been from a risk posture standpoint this is a you know you guys have have really targeted these various tabs to specific people predict roles but I mean this you know if people wanted to add another report or widget to this dashboard this is yes you know one of our dashboards that we've sent out before so they can easily add and customize it even further if they wanted to I'm guessing yeah and I also want to give you an example of how these dash will and how can you also see different breakdowns when you dig into one of the PA dashboards is this gives you additional breakdowns on the dashboard so you can also add additional criteria on individual PA reports and see how they are the reports are changing so it providing additional breakdown conditions on each of our PA report here and like it Teresa said you can always update it modify it add new dashboards as he proposes he like the next tab is related to the audit and what we're trying to do here is we're providing you as an application owner overview of the audits that are going on on your application or a CIO would know what are the upcoming audits what are the open issues that are related to order and I can also filter based on various things if I want to know the order engagements exactly which ones are going on I can also see based on who it is assigned to who are my audit leads that are working on these engagement are responsible for these audits you can see the view of that you can also see how many are in effect of control related to my applications how many are open audit issues are out there how many a pass new issues as well as if there any passive shows by engagement you are able to see that you're able to stack it by the same thing or different you can basically group it by already engagement and stack it by a different criteria here so you can say what are the different criterias what is the status of the issues if they've been resolved or not and then finally we also have a breakdown of ineffective controls by engagement so you can see for application the business criticality is high here in for example and this ID review is quarter to engagement or it is going on on this application the plan start and end date of the order engagement here and it also tells me how many controls are ineffective as part of the audit for related in this application so it gives me review of the entire end-to-end or it and what what I need to manage from my perspective as an application owner or CIO what do I need to monitor so this is this is all is given to me also as an application owner you would not have access to actual audits so this is just giving you overview of the audit but if I try to dig into an audit I won't be able to access it unless I am NOT an auditor so we have taken care of all the securities as well to make sure that you'd be able to see the view but you'll be able to access only the data that you can access and next tab is around the policy exception so this is basically you can relate it to now since the event over it so it actually gives me overview of what are the new exceptions that have been created against my application how many are approved versus how many are rejected how many are expired it also gives me exceptions that are awaiting approval and their view in today this week this month or quarter it also gives me extensions that are awaiting approvals or if there any upcoming exception expiry expiration so someone mentioned in the chat right there are email notification giving you a reminder of the exception this dashboard is also giving you that overview of the expiring exceptions that you can monitor on this particular report is giving you overview of number of exceptions that have been requested versus number of exception of approved every month and it can of course skew it how we want like three months over six months you're today all of them and last but not the least is the issues overview so this is giving you overview of all that all your risk in compliance issues so it's going to give you information around the open issues critical high priority issues the issues that have been accepted and the issues that are passed you they it also tells gives you a report around issues that have to be resolved this week today so it gives you the by due date when do you need to resolve their shoes the remediation tasks that need to be completed and if the any past you issues or past your remediation tasks you also get a view of that and you can of course dig into it and also see additional criteria or additional breakdown there like I was saying if you want to see who's the issue owner to check who is lagging behind you can also monitor that here and so it really keeps people on on task we had a we had a question in the chat about getting getting these new features and I think it's good it's a good time to remind people that the the risk products you know policy compliance risk gulnur ability responsibilities Lana sorry vendor risk but also this crazy stuff the vulnerability response stuff also is from security operations is all on the store so when we come out with these new features what that means for everybody listening is that you can get them immediately if you already have an instance that includes that application so it's it's a it's a great way to take advantage of new features they're coming out in between the big platform releases and then of course when we do release Paris in September this feature will be tested and available on that apt on that platform also but you can get it now with your existing installed instance yep absolutely so since you have nine more minutes left I'm going to quickly jump into audit manager not who is it and this anyone has question on this one I don't think we have any questions um you know the question is also around documentation and actually I'm not sure do you know if the documentation is being updated today for this dashboards or if it's gonna be happening in the Paris time frame no documentation will be available I can double-check but yeah they should be as easy yeah I thought so too so yeah so as soon as the new features come out the documentation should be up letting you know give us a if there is some kind of a lag you know give us a you know give us a day but you know we do strive to have them available as soon as the new diet features push out yeah all right so lastly the audit manager dashboard so again we are providing your the old view of the audit engagements and ordered activities to audit managers where they can see overview of open various open and closed engagements overview of audit tasks and controls test status as well as issue remediation tasks and there's some data quality items as well so with that I'm just gonna go ahead and show the dashboard real quick that dashboard is available under audit application and you'll see the audit manager dashboard when months install this new advanced GRC dashboard fuggin here is where you can see the old view of the engagements that are happening the audit tasks are happening across issues remediation tasks close-order across by month basically so you can see the over fall of them again we have different filters you can you can filter based on the audit engagement date or the audit lead and see what's happening there I can also filter out certain things by clicking on these options here the audit engagement - report - for KC overview of all the open audits and the past orders upcoming audits that are happening again you have different filters or stag by condition users that you can filter the audit reports on you also have the audits around what the audits that have been started already and the orders that are closed so it will give you as the the audit that have been closed you can group it by result so you can see in adequate inadequate or satisfactory audits and can if you want you can also choose the assigned to or audit need to see the different audits and ordered needs then you have task management tab here which gives you a summary of all the audit tasks that are happening act about it tasks passed you order tasks the tasks that are due this week or any upcoming tasks also there are some interesting reports here which will help the audit manager to provide incentives to their team members to complete their audit and tasks on time so it gives you report of tasks that have been completed on time that the tasks that have been completed after the plan ended so these are the people who are lagging a little bit behind and then just a summary of all the tiles that have been completed by task type so you can see the control test activity interview walkthroughs that have been completed we have similar and of course you can filter based on the task type yours if you want to just look at the interviews related tasks you can filter that if you want to just look at the control tests you can also virtu that there are other filters available as well and we have a separate control testing tasks because control testing is done more frequently that's why we just created a similar dashboard fault control testing where you can see all the control tests which are active past you that are that are due this week of coming tasks again same thing the tasks that have been completed on time and have completed after the planned date and the open tasks by different weeks and the completed tasks by month then this is the issue stars which is also useful for the audit manager to monitor all the open issues as to issues issues that are awaiting response so it's been assigned to these people but they've not responded to them yet issues that are due this week upcoming issues for owner and then you again issues that are completed before plan date are completed after plan D completed on time and completed by months so this is this will help you look at how your team is performing and you can manage the work that is assigned out to your team similarly we have a we have various reports on the remediation tasks here are very similar reports like issues anything that is open past you upcoming or that are completed on time before time after completion of plan and date so again you can monitor the remediation owners and how their they are working on it remediation and task furnace and then lastly we have this data quality tab which also helps or it manager to in general maintain quality of data in the system so it it gives them view of say if their in order tasks which have not been assigned to anyone yet they can go and assign them out they can see all red active audits with no description written forward so they can go ahead and do it they can see design tests with no results yet provided so you can go back and check what's happening there if there are any issues with no remediation tasks issues with no assign to person or group so all of these will generally just help them manage their data quality in general so this is the overview of audit manager dashboard let me know if you have any questions any comments any feedback on any of the features now I'm not seeing any questions and I'm actually really really excited about the all the dashboard features that help people stay on task and identify where there might be actions that are needed because I think that's the stuff that falls through the cracks so easily because people are just so busy so having that right in front of you so that you can take action I think is is gonna be a huge time saver and it's gonna help people organize their audits and even policy collection of any evidence and and all of that a lot easier and then the trending you know being able to see you know where are you have been are you trending up or you trending down do we need to take action are we doing great that those super ports are actually things that are shared at higher levels in the organization too so I'm just really excited to see all that so I'm hoping the customers that could watch this are equally excited I think the question came in and it seems like it was answered this releases in Orlando or Paris and then someone answered it is in both Orlando exactly it's available now so if you've got an Orlando instance you can absolutely update into your Orlando instance and it will be tested and ready for you in Paris any more questions really quick before we close this out it doesn't look like it if questions are thought of and and our attendees like to post them on the community and our experts will go and answer them for you so Teresa will be on that right and yeah make sure that they get answered the new sure you get everybody on that so yeah please do please connect with us on the community we do monitor it we do answer questions we've got some places for you to look here you can check out the rest of the products and our integrated risk portfolio again the community link is here please connect so the connectors is on the community and then the ask the experts links to all the cool videos that we have done we are so very happy that you joined us we want to see you again on another ask the experts and thank you Anna Sheree for a wonderful demo thank you Tom thank you everyone all right thank you so much and we'll see you again soon