<h2>Governance, Risk, and Compliance</h2><br/><div style="overflow-x:auto"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><meta content="text/html; charset=UTF-8" /><meta name="copyright" content="(C) Copyright 2024" /><meta name="DC.rights.owner" content="(C) Copyright 2024" /><meta name="generator" content="DITA-OT" /><meta name="DC.type" content="reference" /><meta name="DC.title" content="Governance, Risk, and Compliance" /><meta name="abstract" content="Respond to business risks in real time. Connect security and IT with an integrated risk program offering continuous monitoring, prioritization, and automation." /><meta name="description" content="Respond to business risks in real time. Connect security and IT with an integrated risk program offering continuous monitoring, prioritization, and automation." /><meta name="DC.creator" content="Deepali Chatterjee" /><meta name="DC.creator" content="Lisa Hultman" /><meta name="DC.creator" content="ServiceNow" /><meta name="DC.date.created" content="2023-08-03" /><meta name="DC.date.modified" content="2023-08-03" /><meta name="DC.format" content="XHTML" /><meta name="DC.identifier" content="r_WhatIsGRC" /><link rel="stylesheet" type="text/css" href="../../../CSS/commonltr.css" /><title>Governance, Risk, and Compliance</title></head><body class="overview" id="r_WhatIsGRC"> <h1 class="title topictitle1" id="ariaid-title1"><span class="ph">Governance, Risk, and Compliance</span></h1> <div class="body refbody"><p class="shortdesc">Respond to business risks in real time. Connect security and IT with an integrated risk program offering continuous monitoring, prioritization, and automation.</p> <div class="section" id="r_WhatIsGRC__section_xxs_dj1_pjb"><h2 class="title sectiontitle"><span class="ph">Governance, Risk, and Compliance</span> applications</h2> <div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="r_WhatIsGRC__table_iwv_lpv_klb" class="table nav-card" frame="void" border="1" rules="all"><colgroup><col style="width:33.33333333333333%" /><col style="width:33.33333333333333%" /><col style="width:33.33333333333333%" /></colgroup><tbody class="tbody"><tr class="row"><td class="entry nocellnorowborder" style="vertical-align:top;"><p class="p"><a class="xref" href="../../grc-audit/concept/c_GRCAudits.html" title="The ServiceNow Audit Management application involves a set of activities related to planning audit engagements, executing engagements, and reporting findings to the audit committee and executive board. Engagement reporting assures key stakeholders that the organization's risk and compliance management strategy is effective."><span class="ph nav-card-title"><span class="ph">Audit Management</span></span> <img class="image decorative" id="r_WhatIsGRC__image_tyn_p1t_dyb" src="../image/app-audit-mgt.png" alt="" /><span class="ph">Use risk data to scope and prioritize audit plans and automate cross-functional processes.</span></a></p> </td><td class="entry nocellnorowborder" style="vertical-align:top;"><p class="p"><a class="xref" href="../../grc-business-continuity-management/concept/business-continuity-mangmt-overview.html" title="ServiceNow Business Continuity Management application gives your organization the capability to continue to deliver products and services at an acceptable level when a disruptive incident occurs. The ongoing activities of this application are aimed to reduce the operational risks and improve your organizational ability to respond, react, and recover from issues and disruptions."><span class="ph nav-card-title"><span class="ph">Business Continuity Management</span></span> <img class="image decorative" id="r_WhatIsGRC__image_tyn_p1t_dyc" src="../image/app-bcm.png" alt="" /><span class="ph">Plan, exercise, and recover from disasters effectively and efficiently.</span></a></p> </td><td class="entry nocellnorowborder" style="vertical-align:top;"><p class="p"><a class="xref" href="../../grc-compliance-case-mgmt/concept/compliance-case-management.html" title="Report, investigate, analyze, and resolve a compliance case or raise compliance request by using the ServiceNow GRC: Compliance Case Management application."><span class="ph nav-card-title"><span class="ph">Compliance Case Management</span></span> <img class="image decorative" id="r_WhatIsGRC__image_tyn_p1t_dyd" src="../image/app-ccm.png" alt="" /><span class="ph">Report, investigate, analyze, and resolve compliance cases.</span></a></p> </td></tr><tr class="row"><td class="entry nocellnorowborder" style="vertical-align:top;"><p class="p"><a class="xref" href="../../grc-cam/reference/grc-cam-landing-page.html" title="Continuous Authorization and Monitoring employs the seven steps defined by the RMF to allow you to make better-informed decisions about your security posture."><span class="ph nav-card-title"><span class="ph">Continuous Authorization and Monitoring</span></span> <img class="image decorative" id="r_WhatIsGRC__image_tyn_p1t_dye" src="../image/app-cam.png" alt="" /><span class="ph">Accelerate the process of bringing IT systems online and continuously monitoring them.</span></a></p> </td><td class="entry nocellnorowborder" style="vertical-align:top;"><p class="p"><a class="xref" href="../../grc-operational-res/reference/grc-opres-landing-page.html" title="Operational Resilience is the ability of an organization to respond to the adverse operational events by anticipating, preventing, recovering from, and adapting to such events."><span class="ph nav-card-title"><span class="ph">Operational Resilience</span></span> <img class="image decorative" id="r_WhatIsGRC__image_tyn_p1t_dyg" src="../image/app-op-res.png" alt="" /><span class="ph">Gain real-time visibility into the resilience of your technology, people, processes, and facilities.</span></a></p> </td><td class="entry nocellnorowborder" style="vertical-align:top;"><p class="p"><a class="xref" href="../../grc-policy-and-compliance/reference/r_PolicyComplianceMgmt.html" title="The ServiceNow Policy and Compliance Management product provides a centralized process for creating and managing policies, standards, and internal control procedures that are cross-mapped to external regulations and benchmarks. Additionally, the application provides structured workflows for the identification, assessment, and continuous monitoring of control activities."><span class="ph nav-card-title"><span class="ph">Policy and Compliance Management</span></span> <img class="image decorative" id="r_WhatIsGRC__image_tyn_p1t_dyh" src="../image/app-policy-compliance-mgt.png" alt="" /><span class="ph">Automate and manage policy life-cycles and continuously monitor for compliance.</span></a></p> </td></tr><tr class="row"><td class="entry nocellnorowborder" style="vertical-align:top;"><p class="p"><a class="xref" href="../../grc-privacy-management/concept/privacy-management.html" title="Use the Governance, Risk, and Compliance: Privacy Management application to help protect your customers, employees, and suppliers with integrated data privacy risk and compliance management solutions and privacy by design concepts."><span class="ph nav-card-title"><span class="ph">Privacy Management</span></span> <img class="image decorative" id="r_WhatIsGRC__image_tyn_p1t_dyi" src="../image/app-privacy-mgt.png" alt="" /><span class="ph">Manage privacy risk and compliance across the enterprise in real time.</span></a></p> </td><td class="entry nocellnorowborder" style="vertical-align:top;"><p class="p"><a class="xref" href="../../grc-rcm/reference/reg-change-mgmt-landing-page.html" title="The ServiceNow Regulatory Change Management application enables you to check upcoming regulatory changes, assess their impact, and implement risk and compliance-related changes. The application ensures overall regulatory compliance."><span class="ph nav-card-title"><span class="ph">Regulatory Change Management</span></span> <img class="image decorative" id="r_WhatIsGRC__image_tyn_p1t_dyj" src="../image/app-rcm.png" alt="" /><span class="ph">Keep pace with today's complex regulatory landscape with integration to leading content providers.</span></a></p> </td><td class="entry nocellnorowborder" style="vertical-align:top;"><p class="p"><a class="xref" href="../../grc-risk/concept/grc-risk-overview.html" title="Use the Governance, Risk, and Compliance: Risk Management application to continuously monitor to identify high-impact risks, improve your risk-based decision-making, and reduce reaction time effectively. The application also provides structured workflows for the management of risk assessments, risk indicators, and risk issues."><span class="ph nav-card-title"><span class="ph">Risk Management</span></span> <img class="image decorative" id="r_WhatIsGRC__image_tyn_p1t_dyk" src="../image/app-risk-mgt.png" alt="" /><span class="ph">Enable fine-grained business impact analysis to appropriately prioritize and respond to risks.</span></a></p> </td></tr><tr class="row"><td class="entry nocellnorowborder" style="vertical-align:top;"><p class="p"><a class="xref" href="../../grc-vendor-risk/concept/third-party-risk-mgt-landing-page.html" title="The ServiceNow GRC: Third-party Risk Management (TPRM) application enables you to proactively identify, assess, and mitigate risks that are associated with your third-party relationships. TPRM provides a centralized process for managing your portfolio of third parties, assessing and scoring risk, and performing remediation."><span class="ph nav-card-title"><span class="ph">Third-party Risk Management</span></span> <img class="image decorative" id="r_WhatIsGRC__image_tyn_p1t_dyl" src="../image/app-tprm.png" alt="" /><span class="ph">Continuously monitor, detect, assess, mitigate, and remediate risks in third-party ecosystems.</span></a></p> </td><td class="entry nocellnorowborder" style="vertical-align:top;"><p class="p"><span class="ph nav-card-title">Common <span class="ph">GRC</span> features</span><a class="xref" href="../concept/common-grc-features.html" title="Each of the four main Governance, Risk, and Compliance applications have unique features and capabilities. Additionally, there are many features that are common to all GRC applications."><img class="image decorative" id="r_WhatIsGRC__image_tyn_p1t_dyf" src="../image/app-grc-core.png" alt="" /><span class="ph">Leverage the power of entities, 360 degree views, the tasks landing page, and security features across GRC products. </span></a></p> </td><td class="entry nocellnorowborder" style="vertical-align:top;"> </td></tr></tbody></table> </div> </div> <div class="section" id="r_WhatIsGRC__section_tcm_hsr_ckb"><h2 class="title sectiontitle">Request apps on the Store</h2> <p class="p"><span class="ph" id="r_WhatIsGRC__inline-send-to-store">Visit the <a class="xref" href="https://store.servicenow.com/sn_appstore_store.do#!/store/home" target="_blank" rel="noopener noreferrer"><span class="ph">ServiceNow Store</span></a> website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the <a class="xref" href="https://docs.servicenow.com/bundle/store-release-notes/page/release-notes/store/sn-store-release-notes.html" target="_blank" rel="noopener noreferrer"><span class="ph">ServiceNow Store</span> version history release notes</a>.</span></p> </div> <div class="section" id="r_WhatIsGRC__section_kys_xfv_rjb"><h2 class="title sectiontitle">Respond to business risks in real time with <span class="ph">ServiceNow</span> <span class="ph">GRC</span></h2> <p class="p"><span class="ph">ServiceNow</span> <span class="ph">Governance, Risk, and Compliance</span> (<span class="ph">GRC</span>) helps transform inefficient processes across your extended enterprise into an integrated risk program. Through continuous monitoring and automation, the <span class="ph">GRC</span> applications deliver a real time view of compliance and risk, improve decision making, and increase performance across your organization and with vendors.</p> <p class="p">Only <span class="ph">ServiceNow</span> applications can connect the business, security, and IT with an integrated risk framework that transforms manual, siloed, and inefficient processes into a unified program that is built on a single platform.</p> <p class="p"><a class="xref" href="https://downloads.docs.servicenow.com/resource/enus/infocard/grc_statcard_infographic.pdf" target="_blank" rel="noopener noreferrer">View and download the full info card</a> for a highlight of <span class="ph">GRC</span> features.</p> <div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="r_WhatIsGRC__table_uw5_lxw_sjb" class="table" frame="border" border="1" rules="all"><colgroup><col style="width:18.148820326678766%" /><col style="width:81.85117967332123%" /></colgroup><tbody class="tbody"><tr class="row"><td class="entry cellrowborder" style="vertical-align:top;"><img class="image" id="r_WhatIsGRC__image_mzb_4s5_1lb" src="../image/erm-icon.png" alt="Emergency Response Management" /></td><td class="entry cellrowborder" style="vertical-align:top;"><dl class="dl"><dt class="dt dlterm">Streamline and automate activities in the face of an emergency</dt><dd class="dd"><p class="p">Mobilize your business continuity efforts during natural disasters and pandemics like COVID-19.</p> </dd></dl> </td></tr><tr class="row"><td class="entry cellrowborder" style="vertical-align:top;"><img class="image" id="r_WhatIsGRC__image_kmw_mwv_bkb" src="../image/wrench.png" alt="Automate and manage" /></td><td class="entry cellrowborder" style="vertical-align:top;"><dl class="dl"><dt class="dt dlterm">Automate and manage policy life cycles and continuously monitor for compliance.</dt><dd class="dd"><p class="p">It makes perfect sense to embrace a single platform that can make all compliance efforts more organized, simpler, more transparent, and highly reliable.</p> </dd></dl> </td></tr><tr class="row"><td class="entry cellrowborder" style="vertical-align:top;"><img class="image" id="r_WhatIsGRC__image_o2m_zwv_bkb" src="../image/mag_glass.png" alt="Risk Management" /></td><td class="entry cellrowborder" style="vertical-align:top;"><dl class="dl"><dt class="dt dlterm">Enable fine-grained business impact analysis to appropriately prioritize and respond to risks.</dt><dd class="dd"><p class="p">Respond to business risks in real-time with integrated risk management.</p> </dd></dl> </td></tr><tr class="row"><td class="entry cellrowborder" style="vertical-align:top;"><img class="image" id="r_WhatIsGRC__image_ehm_cxv_bkb" src="../image/clipbrd.png" alt="Audit Management" /></td><td class="entry cellrowborder" style="vertical-align:top;"><dl class="dl"><dt class="dt dlterm">Use risk data to scope and prioritize audit plans and automate cross-functional processes.</dt><dd class="dd"><p class="p">Reduce audit costs, improve efficiency, and minimize risk.</p> </dd></dl> </td></tr><tr class="row"><td class="entry cellrowborder" style="vertical-align:top;"><img class="image" id="r_WhatIsGRC__image_wnn_fxv_bkb" src="../image/dollar.png" alt="Vendor Risk Management" /></td><td class="entry cellrowborder" style="vertical-align:top;"><dl class="dl"><dt class="dt dlterm">Continuously monitor, detect, assess, mitigate, and remediate risk in vendor ecosystems.</dt><dd class="dd"><p class="p">As your vendors become privy to more of your sensitive systems and data, their risk and compliance posture becomes even more important to your security. It's important to assess your vendors regularly and proactively mitigate any issues that arise.</p> </dd></dl> </td></tr></tbody></table> </div> </div> <div class="section" id="r_WhatIsGRC__section_tzz_1kr_qjb"><h2 class="title sectiontitle">Automate and manage policy life cycles and continuously monitor for compliance</h2> <img class="image" id="r_WhatIsGRC__image_ksr_b5s_1kb" src="../image/policy-compliance-servicenow-solution.png" alt="Policy and Compliance Management" /> <p class="p"><span class="ph" id="r_WhatIsGRC__ph_PCMgmtDescrip">The <span class="ph">ServiceNow®</span> <span class="ph">Policy and Compliance Management</span> product provides a centralized process for creating and managing policies, standards, and internal control procedures. The process automatically cross-maps the procedures to external regulations. Also, the application provides structured workflows for the identification, assessment, and continuous monitoring of control activities.</span></p> </div> <div class="section" id="r_WhatIsGRC__section_jzr_jmr_qjb"><h2 class="title sectiontitle">Enable fine-grained business impact analysis to appropriately prioritize and respond to risks</h2> <img class="image" id="r_WhatIsGRC__image_ugt_4ys_1kb" src="../image/risk-servicenow-solution.png" alt="Risk Management" /> <p class="p">The <span class="ph">ServiceNow</span> <span class="ph">Risk Management</span> product provides a centralized process to identify, assess, respond to, and continuously monitor Enterprise and IT risks that may negatively impact business operations. The application also provides structured workflows for the management of risk assessments, risk indicators, and risk issues.</p> </div> <div class="section" id="r_WhatIsGRC__section_z1v_jkr_qjb"><h2 class="title sectiontitle">Use risk data to scope and prioritize audit plans and automate cross-functional processes</h2> <img class="image" id="r_WhatIsGRC__image_clp_j1t_1kb" src="../image/audit-servicenow-solution.png" alt="Audit Management" /> <p class="p">The <span class="ph">ServiceNow</span> <span class="ph">Audit Management</span> product automates the work streams of internal audits teams, optimizing resources and productivity, and eliminating recurring audit findings. <span class="ph">Audit Management</span> uses compliance and risk data to scope, plan, and prioritize audit engagements. The ongoing review of policies and procedures, risks, and control breakdowns provide an opportunity for fixing issues before they become audit failures.</p> <p class="p">The <span class="ph">ServiceNow</span> <span class="ph">Regulatory Change Management</span> application empowers the customers to check upcoming regulatory changes, assess their impact, and implement risk and compliance related changes, ensuring overall regulatory compliance.</p> </div> <div class="section" id="r_WhatIsGRC__section_v2b_jy1_yjb"><h2 class="title sectiontitle">Continuously monitor, detect, assess, mitigate, and remediate risk in vendor ecosystems</h2> <p class="p">As your vendors become privy to more of your sensitive systems and data, their risk and compliance posture becomes even more important to your security. It's important to assess your vendors regularly, but until now, it has been a time-consuming and error-prone exercise comprised of spreadsheets, email, and rudimentary legacy risk management tools.</p> <p class="p">The <span class="ph">Vendor Risk Management</span> application transforms the way you manage vendor risk through vital reporting of vendor risk and issues, a consistent assessment and remediation process, and automated assessment procedures. It provides a means to facilitate stakeholder interactions, drive transparency and accountability, and effectively monitor vendor-related risks.</p> <p class="p">By aligning <span class="ph">Vendor Risk Management</span> with overall enterprise risk management priorities, you can create an essential integrated view of risk and a stronger extended enterprise risk posture.</p> </div> <div class="section" id="r_WhatIsGRC__section_nkg_gl3_5rb"><h2 class="title sectiontitle">Learn</h2> <div class="p"><ul class="ul" id="r_WhatIsGRC__ul_q4v_hl3_5rb"><li class="li"><a class="xref" href="https://www.servicenow.com/products/governance-risk-and-compliance/what-is-business-continuity-plan.html" target="_blank" rel="noopener noreferrer">What is a business continuity plan?</a></li><li class="li"><a class="xref" href="https://www.servicenow.com/products/governance-risk-and-compliance/what-is-business-resilience.html" target="_blank" rel="noopener noreferrer">What is business resilience?</a></li><li class="li"><a class="xref" href="https://www.servicenow.com/products/governance-risk-and-compliance/what-is-compliance-management.html" target="_blank" rel="noopener noreferrer">What is Compliance Management?</a></li><li class="li"><a class="xref" href="https://www.servicenow.com/products/governance-risk-and-compliance/what-is-grc.html" target="_blank" rel="noopener noreferrer">What is GRC?</a></li><li class="li"><a class="xref" href="https://www.servicenow.com/products/governance-risk-and-compliance/what-is-operational-resilience.html" target="_blank" rel="noopener noreferrer">What is operational resilience?</a></li><li class="li"><a class="xref" href="https://www.servicenow.com/products/governance-risk-and-compliance/what-is-operational-risk-management.html" target="_blank" rel="noopener noreferrer">What is operational risk management?</a></li><li class="li"><a class="xref" href="https://www.servicenow.com/products/governance-risk-and-compliance/what-is-ransomware.html" target="_blank" rel="noopener noreferrer">What is ransomware?</a></li><li class="li"><a class="xref" href="https://www.servicenow.com/products/governance-risk-and-compliance/what-is-third-party-risk-management.html" target="_blank" rel="noopener noreferrer">What is third party risk management (TPRM)?</a></li></ul> </div> </div> <div class="section" id="r_WhatIsGRC__section_pqm_vfr_qjb"><h2 class="title sectiontitle">Get started</h2> <ul class="ul" id="r_WhatIsGRC__ul_bpv_zmr_sjb"><li class="li">Work with an implementation specialist to achieve your desired business outcomes. To learn more, visit the <a class="xref" href="https://www.servicenow.com/success.html" target="_blank" rel="noopener noreferrer">Customer Success Center</a>.</li><li class="li">Take a <span class="ph">Governance, Risk, and Compliance</span> course to build expertise and realize ROI faster. To sign up, see <a class="xref" href="https://www.servicenow.com/services/training-and-certification.html" target="_blank" rel="noopener noreferrer">ServiceNow training and certification</a>.</li></ul> </div> <div class="section products-list" id="r_WhatIsGRC__section_vpq_1j1_pjb"><h2 class="title sectiontitle">Applications and features</h2> <div class="p"><ul class="ul" id="r_WhatIsGRC__ul_od3_cj1_pjb"><li class="li"><a class="xref" href="../../grc-audit/concept/c_GRCAudits.html" title="The ServiceNow Audit Management application involves a set of activities related to planning audit engagements, executing engagements, and reporting findings to the audit committee and executive board. Engagement reporting assures key stakeholders that the organization's risk and compliance management strategy is effective.">Audit Management</a></li><li class="li"><a class="xref" href="../../grc-business-continuity-management/concept/business-continuity-mangmt-overview.html" title="ServiceNow Business Continuity Management application gives your organization the capability to continue to deliver products and services at an acceptable level when a disruptive incident occurs. The ongoing activities of this application are aimed to reduce the operational risks and improve your organizational ability to respond, react, and recover from issues and disruptions.">Business Continuity Management</a></li><li class="li"><a class="xref" href="../../grc-compliance-case-mgmt/concept/compliance-case-management.html" title="Report, investigate, analyze, and resolve a compliance case or raise compliance request by using the ServiceNow GRC: Compliance Case Management application.">Compliance Case Management</a></li><li class="li"><a class="xref" href="../../grc-cam/concept/what_is_cam.html" title="The ServiceNow Continuous Authorization and Monitoring application (CAM for short) applies a standardized approach to automating NIST's Risk Management Framework (RMF).">Continuous Authorization & Monitoring</a></li><li class="li"><a class="xref" href="../../grc-operational-res/reference/grc-opres-landing-page.html" title="Operational Resilience is the ability of an organization to respond to the adverse operational events by anticipating, preventing, recovering from, and adapting to such events.">Operational Resilience</a></li><li class="li"><a class="xref" href="../../grc-policy-and-compliance/reference/r_PolicyComplianceMgmt.html" title="The ServiceNow Policy and Compliance Management product provides a centralized process for creating and managing policies, standards, and internal control procedures that are cross-mapped to external regulations and benchmarks. Additionally, the application provides structured workflows for the identification, assessment, and continuous monitoring of control activities.">Policy and Compliance Management</a></li><li class="li"><a class="xref" href="../../grc-privacy-management/concept/privacy-management.html" title="Use the Governance, Risk, and Compliance: Privacy Management application to help protect your customers, employees, and suppliers with integrated data privacy risk and compliance management solutions and privacy by design concepts.">Privacy Management</a></li><li class="li"><a class="xref" href="../../grc-rcm/reference/reg-change-mgmt-landing-page.html" title="The ServiceNow Regulatory Change Management application enables you to check upcoming regulatory changes, assess their impact, and implement risk and compliance-related changes. The application ensures overall regulatory compliance.">Regulatory Change Management</a></li><li class="li"><a class="xref" href="../../grc-risk/concept/grc-risk-overview.html" title="Use the Governance, Risk, and Compliance: Risk Management application to continuously monitor to identify high-impact risks, improve your risk-based decision-making, and reduce reaction time effectively. The application also provides structured workflows for the management of risk assessments, risk indicators, and risk issues.">Risk Management</a></li><li class="li"><a class="xref" href="../../grc-vendor-risk/concept/third-party-risk-mgt-landing-page.html" title="The ServiceNow GRC: Third-party Risk Management (TPRM) application enables you to proactively identify, assess, and mitigate risks that are associated with your third-party relationships. TPRM provides a centralized process for managing your portfolio of third parties, assessing and scoring risk, and performing remediation.">Third-Party Risk Management</a></li><li class="li"><a class="xref" href="../concept/grc-and-store.html" title="All GRC applications are available from the ServiceNow Store, allowing you to obtain new and updated features more rapidly. Before you can use any GRC applications, you must verify that you have entitlement to them (that is, you have valid licenses to use them). Then, you can download them from the ServiceNow Store and activate them.">GRC and the ServiceNow Store</a></li><li class="li"><a class="xref" href="../concept/common-grc-features.html" title="Each of the four main Governance, Risk, and Compliance applications have unique features and capabilities. Additionally, there are many features that are common to all GRC applications.">Common GRC Features</a></li></ul> </div> </div> </div> </body></html></div>