Find Resources and Connect with members on topics that interest you.

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

Please sign in to see your topics.

Subscribe to this discussion

Using Service Now for Risk/Compliance Program Mgt


I also posted this question in Service Management but have not heard anything yet.

My team runs Risk and Compliance efforts.  We had moved to JIRA to run one program as a "project" and sending out "issues" to assignees for them to either answer audit questions or provide evidence for the audit/assessment under way (such as SOX or PCI).

Our Operations partners have insisted that we utilize Service Now to do this same activity.  We don't see how SNOW can be used for program/project management.  

Has anyone done this or tried this and care to share your experience? 
You must sign in to rate content.
(1 ratings)

Comments

RE: Using Service Now for Risk/Compliance Program Mgt

Hello, good question. We like to help where we can in this forum. So questions for you... * What features of JIRA are you using that aren't available in ServiceNow? For ServiceNow, is your ops team using the ITIL/ITSM or other template? * Are you managing risk to business IT objectives in Risk IT/COBIT Risk fashion (as suggested by "risk" included in your team name) OR answering audit questions and attaching evidence (as stated in your note)? Fundamentally, JIRA is an app dev tool focused on agile whereas ServiceNow is about operations management. Neither is an audit management tool. Depending on exactly what you need and the reason you need it for, ServiceNow might be fine and provide better workload management and tracking? Can share more after learning of your needs. Best, Brian
Brian BarnierEnergizer at 5/18/2017 4:21:36 PM Quote
You must sign in to rate content.
(1 ratings)

RE: Using Service Now for Risk/Compliance Program Mgt

Hi Shirley - ServiceNow has a GRC module. Have you looked into that?
Vincent084Energizer at 8/24/2017 1:04:18 PM Quote
You must sign in to rate content.
(Unrated)

RE: Using Service Now for Risk/Compliance Program Mgt

Hi Shirley, 
Our platform - STORM Cyber Risk Management utilizes all cyber risk and compliance management, including task and project management AND we can use ServiceNow API to manage tasks for the IT. 
Our solution includes modules for systems inventory, business process mapping, data assets identification and classification, BIA assessments, controls assessments (based on NIST CSF, ISO 27002, or any custom controls list you wish), automatic risk register based on predefined risk types, vulnerability management, risk acceptance workflows and much more. 


our website (it is a bit messy and a new site is coming soon): http://storm.innosec.com
and you can email us at: info[at]innosec[dot]com
mitkeLively at 8/25/2017 12:28:40 AM Quote
You must sign in to rate content.
(Unrated)

RE: Using Service Now for Risk/Compliance Program Mgt

I spent about 30 minutes evaluating SNOW for project management. When I discovered that there was no way to import & export to MS-Project or other formats, we stopped and decided not to use the tool.  Even if it had been perfect, we needed to communicate with people who weren't going to use SNOW.

SNOW integrates with other SNOW modules, but not with other tools.

Caveat - this was about 3 years ago; tool may have improved since then.
Mark368Lively at 9/6/2017 7:12:12 AM Quote
You must sign in to rate content.
(Unrated)

RE: Using Service Now for Risk/Compliance Program Mgt

I spent about 30 minutes evaluating SNOW for project management. When I discovered that there was no way to import & export to MS-Project or other formats, we stopped and decided not to use the tool.  Even if it had been perfect, we needed to communicate with people who weren't going to use SNOW.

SNOW integrates with other SNOW modules, but not with other tools.

Caveat - this was about 3 years ago; tool may have improved since then.
Mark368Lively at 9/6/2017 7:12:12 AM Quote
You must sign in to rate content.
(Unrated)

RE: Using Service Now for Risk/Compliance Program Mgt

Hi Shirley, 
Our platform - STORM Cyber Risk Management utilizes all cyber risk and compliance management, including task and project management AND we can use ServiceNow API to manage tasks for the IT. 
Our solution includes modules for systems inventory, business process mapping, data assets identification and classification, BIA assessments, controls assessments (based on NIST CSF, ISO 27002, or any custom controls list you wish), automatic risk register based on predefined risk types, vulnerability management, risk acceptance workflows and much more. 


our website (it is a bit messy and a new site is coming soon): http://storm.innosec.com
and you can email us at: info[at]innosec[dot]com
mitkeLively at 8/25/2017 12:28:40 AM Quote
You must sign in to rate content.
(Unrated)

RE: Using Service Now for Risk/Compliance Program Mgt

Hi Shirley - ServiceNow has a GRC module. Have you looked into that?
Vincent084Energizer at 8/24/2017 1:04:18 PM Quote
You must sign in to rate content.
(Unrated)

RE: Using Service Now for Risk/Compliance Program Mgt

Hello, good question. We like to help where we can in this forum. So questions for you... * What features of JIRA are you using that aren't available in ServiceNow? For ServiceNow, is your ops team using the ITIL/ITSM or other template? * Are you managing risk to business IT objectives in Risk IT/COBIT Risk fashion (as suggested by "risk" included in your team name) OR answering audit questions and attaching evidence (as stated in your note)? Fundamentally, JIRA is an app dev tool focused on agile whereas ServiceNow is about operations management. Neither is an audit management tool. Depending on exactly what you need and the reason you need it for, ServiceNow might be fine and provide better workload management and tracking? Can share more after learning of your needs. Best, Brian
Brian BarnierEnergizer at 5/18/2017 4:21:36 PM Quote
You must sign in to rate content.
(1 ratings)

RE: Using Service Now for Risk/Compliance Program Mgt

Hello, good question. We like to help where we can in this forum. So questions for you... * What features of JIRA are you using that aren't available in ServiceNow? For ServiceNow, is your ops team using the ITIL/ITSM or other template? * Are you managing risk to business IT objectives in Risk IT/COBIT Risk fashion (as suggested by "risk" included in your team name) OR answering audit questions and attaching evidence (as stated in your note)? Fundamentally, JIRA is an app dev tool focused on agile whereas ServiceNow is about operations management. Neither is an audit management tool. Depending on exactly what you need and the reason you need it for, ServiceNow might be fine and provide better workload management and tracking? Can share more after learning of your needs. Best, Brian
Brian BarnierEnergizer at 5/18/2017 4:21:36 PM Quote
You must sign in to rate content.
(1 ratings)

RE: Using Service Now for Risk/Compliance Program Mgt

Hi Shirley - ServiceNow has a GRC module. Have you looked into that?
Vincent084Energizer at 8/24/2017 1:04:18 PM Quote
You must sign in to rate content.
(Unrated)

RE: Using Service Now for Risk/Compliance Program Mgt

Hi Shirley, 
Our platform - STORM Cyber Risk Management utilizes all cyber risk and compliance management, including task and project management AND we can use ServiceNow API to manage tasks for the IT. 
Our solution includes modules for systems inventory, business process mapping, data assets identification and classification, BIA assessments, controls assessments (based on NIST CSF, ISO 27002, or any custom controls list you wish), automatic risk register based on predefined risk types, vulnerability management, risk acceptance workflows and much more. 


our website (it is a bit messy and a new site is coming soon): http://storm.innosec.com
and you can email us at: info[at]innosec[dot]com
mitkeLively at 8/25/2017 12:28:40 AM Quote
You must sign in to rate content.
(Unrated)

RE: Using Service Now for Risk/Compliance Program Mgt

I spent about 30 minutes evaluating SNOW for project management. When I discovered that there was no way to import & export to MS-Project or other formats, we stopped and decided not to use the tool.  Even if it had been perfect, we needed to communicate with people who weren't going to use SNOW.

SNOW integrates with other SNOW modules, but not with other tools.

Caveat - this was about 3 years ago; tool may have improved since then.
Mark368Lively at 9/6/2017 7:12:12 AM Quote
You must sign in to rate content.
(Unrated)

Leave a Comment

* required

You must login to leave a comment.