ServiceNow workflow offers a myriad of ways to connect people, functions, and systems across platforms, and the platform’s newest Quebec release offers some updates that are particularly exciting for those in the GRC space.

Cential is excited to expand our experience and expertise with the ServiceNow platform following the hiring of Senior Manager Roy Verrips.

The ServiceNow GRC module serves a niche audience within the wider landscape of GRC tools available today. Most ServiceNow implementations for IT Services will include their robust Hardware and Software Asset management tooling, which feeds into a Configuration Management Database (i.e., CMDB).

The ServiceNow GRC module integrates on this low level of the CMDB resulting in a very different implementation with specific nuances that Cential often needs to assist our customers in when reconciling with higher-level GRC principles. However, the platform then integrates seamlessly after the initial implementation process.

Quebec Release

In regards to the newest Quebec release, we wanted to share a few exciting thoughts on how this release pertains to GRC: predictive intelligence, an audit management model, remote table caching, and continuous authorization and monitoring.

Predictive Intelligence

By leveraging artificial intelligence and machine learning, ServiceNow is able to further help in identifying and grouping similar issues and suggest remediation actions to solve these issues. 

Audit Management Model

Auditors and compliance teams can use an evidence request workflow to require evidence to support audit conclusions. Information, such as accounting records and proof of implemented controls, is collected from the first line of defense.

Remote Table Caching

It is now much easier to efficiently connect the ServiceNow platform to third-party sources in order to retrieve external data such as controls in a third-party GRC tool, with the data being available almost immediately.

Continuous Authorization and Monitoring

ServiceNow has the ability to apply controls as devices or services added to your environment on an ongoing basis, and then removing them as the devices or services are subsequently removed, allowing for ongoing monitoring and controls as the hardware and software environment changes within the organization.

With the Quebec release, the ability now exists to further have requests for authorization and/or approval of these controls automated, resulting in an overall continuous authorization and monitoring workflow.

These updates will assist clients as they continue to build a holistic, transformative risk management approach.

For questions on ServiceNow, the Quebec release, or any other GRC platform, contact us here.