I’m Tamara Sylte, a Solution Architect for Security, Risk, and Resilience (SR&R) at NewRocket, and I’m excited to bring you highlights from our list of favorites for Vancouver! There’s a lot to cover so let’s get going!
#5 Next Experience GRC Improves Users’ Experience and Puts GRC into the Palm of Your Hand
You might think this an odd entry for SR&R, but user experience is a key factor in generating engagement in a product and process. A good user experience or UX (like the GRC workspaces) will boost productivity and draw users into the work they need to complete, providing easy-to-use tools to do just that.
With the Vancouver release, ServiceNow brings its A-game to the table with new workspaces and redesigned record pages!
What it is
- The GRC Next Experience is now available on Mobile GRC!
- The Business Continuity Management (BCM) workspace is now available as a configurable workspace. See more details further in this article!
- New record page templates are delivered across the workspaces.
Why it matters
A great user experience boosts productivity, employee retention, promotes brand loyalty and when well implemented, provides a seamless environment across devices.
With Mobile GRC & Next Experience, give your SR&R staff the opportunity to work anywhere, anytime, with a seamless interface.
With the new workspace record page, you can more readily customize the workspace to suit your unique business processes. Build out the intuitive flow of the GRC workspaces to include specialized tasks for your team!
How it works
If you haven’t enabled Next Experience for your instance, now is the time! You will experience a flow across supported GRC modules.
Your development team will use UI Builder and the vast SN knowledge to enhance the out-of-box workspaces.
Included in all this is an enhancement for accessibility – dark theme is now supported for Mobile GRC!
#4 Increased Configurability and User Experience with a new BCM workspace!
What it is
Building on all the great features and design work ServiceNow has poured into workspaces, you can now easily configure the BCM workspace with the new record page and all other configuration options. The new workspace has other benefits over the classic workspace for BCM including management of crisis events, business impact analysis, planning, and exercises from an interactive landing page, responding to Crisis map alerts, and using the 360º visualization of relationships throughout the module.
Why it matters
The critical functions of Business Continuity Management are made simpler and more efficient with the enhanced flow of work, the ease of identifying crises graphically and all the other great features that make the user experience one to remember.
How it works
Update BCM and the Crisis Map to the Vancouver release. Next, configure users with access to the workspace. Finally, give your developers requirements for record page configurations to make the workspace your own!
#3 Achieve Your Target Risk Levels, Improved Assessment Flexibility, & More with Advanced Risk
Vancouver brings significant features to Advanced Risk, making it my #3 choice in the new GRC offerings.
What it is
- Target risk assessments can be created to define your desired future risk level and used to track progress in a heat map.
- A guided playbook integration helps create risk assessment scopes and schedule assessments.
- Risk administrators can provide more flexibility in the configuration of Risk Assessment forms – from changes as simple as labels to those as complicated as scripted calculations of scores.
- Respond and approve in bulk using the grid interface.
Why it matters
Target risk levels can better guide the organization in identification and treatment of risk. Address areas with the largest gaps between residual and target risk and know when enough remediation has been done. Track the overall move towards desired future state with the Target displayed on the heat map.
Playbook integration for assessment scheduling and the new capability for very specific configuration of assessments are both powerful tools for managing the critical function of collecting risk evaluations from the business. Along with bulk approval and response grid for metric tasks, and the Risk workspace, the Risk Manager is empowered to better assess and report Risk.
How it works
These features each require some configuration and enablement for the Risk team. Be sure to review the documentation updates to get going!
- Implement Bulk Response and Approval
- Create a Risk Assessment Scope and Schedule Risk Assessments in the Risk Workspace with the guided experience by the playbook integration
#2 Vendor Risk Management – Now TPRM – Adds Due Diligence
VRM gets a new name: Third Party Risk Management! Within this paradigm shift, a new process has been added for a Due Diligence workflow, pulling the entire company into the process of finding suppliers and vendors who best match your security profile.
What it is
The shift in paradigm provides the ability to assess a much wider range of third-party entities that your business engages with. Targeted processes such as onboarding, offboarding, and contract renewal start from the first Due Diligence request.
The Due Diligence workflow starts with a simple request form from the Employee Center. From there the Third-Party Risk Manager can process the request through the IRQ (Internal Risk assessment Questionnaire) and any required external assessments.
Why it matters
Conduct a Due Diligence process to thoroughly understand and address any risks that might be included in the relationship. This TPRM feature allows the entire business to participate in the process in an easy-to-understand but comprehensive way.
How it works
- Any employee at your organization requests due diligence for a third-party engagement from the Employee Center, providing information about the potential engagement for a product or service.
- The TPR manager scopes the request, updates it as needed, and ultimately approves or rejects it.
- Multiple IRQ and external assessments support the multitude of needs your company has for Third Party evaluation.
#1 A New App! Compliance Case Management
Everyone loves a new app – and this one meets a need for Compliance that’s previously only been possible with custom extensions.
What it is
- A business user can open the Compliance Case or Compliance Request form from the Employee Center.
- The Compliance Manager follows up to investigate, report or resolve compliance cases, or to address requests and complaints.
Why it matters
Compliance cases and compliance requests give your organization the ability to provide input from the first line of defense and the front lines. Policy change suggestions and compliance violations can be reported using a simple form in the Employee Center. Workflows can be configured to manage the process the Case team uses. Ultimately violations are curbed quickly and documents evolve through a cross-departmental process to ensure all are up to date and issues have been resolved.
How it works
- Open a compliance case to report a compliance violation.
- A business user can report a case in the Employee Center application.
- A business user can report a case in the Employee Center application.
- A compliance case team can report cases in the Compliance Workspace application.
- Raise a compliance request, such as policy modifications, clarifications, or inquiries.
- Members of the Compliance Case teams use the Compliance Workspace to plan, manage and monitor through to resolution based on custom workflows.
In Summary
Wow, you’ve just completed a whirlwind tour of 5 exciting new offerings! This is just a sampling of the new and enhanced GRC features in the Vancouver release. Be sure to stop by the release notes and see what else is available!