logo

NJP

← Back to News

New GRC users have questions, GRC experts provide answers.

Import · Jun 18, 2020 · article

New GRC users have a lot to learn to make the best of the GRC product for their own particular use cases.​

"After playing in GRC for a couple weeks and going through the various training materials, I have a few questions."​

We recommend to select and hire an implementation partner, to take the recommended training, to view the free tutorials available on the community but there are always questions that linger, clarifications that are needed to really feel comfortable with the various features of the product.

With the help of GRC community experts, we take a look at some of these questions.

Video contents:

00:01 Introductions

01:16 Is it normal/acceptable to NOT have Controls assigned to every entity in an entity type? Tip: Control Owners can remove Controls attributed to them because of an Entity Type. Not typical.

04:18 Is it normal/acceptable to have a lot of Entity Types? Tip: Start simple, "crawl, walk, run ".

05:50 It doesn’t look like any authority documents/citations were loaded with the SOX Content pack.

06:47 Entity Filters - I’m having trouble understanding their purpose, and what is the impact if the filters aren’t created? Tips: Use Entity Filters to create new Entities (beyond those that are provided). It is possible to have more than one Entity Filter.

09:42 Entity Classes - Are these just an additional reporting/filtering aid or do they play any additional roles? Workbench is a very powerful tool that leverages Entity Classes. Entity Classes are first used for reporting. Entity Classes are also used to build a representation of the aggregation journey. Link Entity Classes so they roll up through the organization (using workbench).

14:09 Have you seen any other companies start with their risk framework in determining their use cases/phases and/or what pitfalls do you see with this approach? Tip: Build your data and system so they can be used for future use cases. Tip: Undertake a GRC readiness Assessment (check the tutorial on the forum).

20:27 There was an error message at the top of the Authority Documents screen “Invalid policy or risk framework”. Is this an error you’re familiar with?

21:32 Conclusion

Many thanks to Eric Le Martret, Raphaël Cardoso and Jagan Rao.

View original source

https://www.servicenow.com/community/new-customers-policy-risk/new-grc-users-have-questions-grc-experts-provide-answers/ta-p/2314062