CIS-RCI Certified Implementation Specialist - Risk and Compliance Questions and Answers

GRC Filtering

Metrics Reporting

Performance Analytics

Trending Analytics

Some applications are certified by ServiceNow

All applications are certified by ServiceNow

Applications may be developed by ServiceNow Technology Partners

It houses both paid and free applications and integrations

Applications are built om the ServiceNow platform

Applications are certified by other developers

Feed sources record

Provider record

Regulatory Feed record

Connection and Credentials record

Regulatory Change Task record

Document

Policy

Risk

Content

Indicator

Authority Document

Control Objective

Control

Risk

Policy

sn_grc.business_user

sn_risk.user

sn_risk.admin

sn_risk.manager

Displays the configuration list view of the table in the browser tab

Displays the table in list view within the Content Frame

Displays the table in list view within a separate browser tab

Displays the configuration list view of the table in the Content Frame

Knowledge Summit

ServiceNow Library

Authoritative Records

Knowledge Base

Risk Response

Risk issue management

Risk indicator management

Multi-level risk statement hierarchy

Risk Assessment Methodology

Risk Criteria Matrix

Manual Factor

Risk Framework

5 MB

4 MB

6MB

No Limit

Risk Statement

Issue

Risk

Control Objective

Policy

Control

[sn_risk_m2m_statement_profile_type]

[sn_risk_m2m_framework_profile_type]

[sn_risk_m2m_risk_definition_profile_type]

[sn_risk_m2m_policy_profile_type]

[sn_compliance_m2m_profile_profile_type]

[sn_risk_m2m_risk_profile]

[sn_compliance_m2m_policy_profile]

[sn_grc_m2m_profile_profile_type]

Risk user

Risk Admin

compliance user

Compliance Manager

Risk Manager

Compliance Admin

Policy

Citation

Indicator template

Entity Type

Entity Type

indicator template

Policy

Citation

Citation

Policy

Control Objective

Authority Document

An assessment is automatically generated to test each Entity listed in the Entity Type

A policy is created automatically for every Entity listed in the Entity Type

A control is automatically generated for every Entity listed in the Entity Type

The Entity Type presents a compliance score and controls tied to it

GRC indicator nightly run

GRC Entity and Risk Statement Data Collection

GRC Profile Generation

GRC Refresh Risk Scores

Reference

Classification

Category

Type

Description

Create one or multiple risk response tasks

Required to create at least one risk response task

Skipped entirely based on attributes defined in the RAM

Required to create a mitigation response task

Entity classes

Entity types

information objects

Departments

sn_compliance_policy

sn_compliance_policy_statement

sn_compliance_policy_exception

sn_complilance_authority_document

If the engagement is approved and there are remaining open tasks or issues, it automatically moves into

the Follow Up state.

If the engagement is approved and there are no remaining open tasks or issues, it automatically moves

into the Closed state.

If the engagement is rejected, it automatically moves back to the Fieldwork state.

If the engagement is approved and there are remaining open tasks or issues, it automatically moves into

the Fieldwork state.

If the engagement is rejected, it automatically moves into the Scope state.

Risk > Entities

Scoping > Profiles

Scoping > Entity Types

CMDB

sn_compliance.admin

sn_risk.user

sn_risk.manager

sn_risk.admin

They would like efficiency

They would like integrated reporting

They would like transparency

They would like automated customer service

They would like custom websites

They would like workflow driven processes

Setting up an object-based risk assessment

Adding to the policy exception integration registry

Assessing the impact of a regulatory feed

Leveraging classic risk assessments

Leveraging advanced risk assessments

Item

Document

Content

Indicator

Make sure that all of your Entities have the right visibility

Create and assign controls to the correct users

Create, assign, and manage controls and risks across an enterprise

Scope out the different users and roles that have access to the platform

Citation

Controls

Issue

Policy

Time card

Resource plan

Entities

Cost plan

Milestones

Control tests

Classic risk assessments

Issues

Control attestations

Control is Retired

Control is returned to Draft

Control remains in it ' s current state

Control state changes to Canceled

Regulatory requirements

Risk and Compliance personas

GRC processes

Data breaches

Audit failures

sn_grc_profile

sn_risk_framework

sn_risk_definition

sn_risk_risk

GRC Workbench

Dependency Model Builder

Data Model Designer

GRC Tree Map

set the risk to Monitor

Delete the ns <</p>

Deactivate the risk

Answer the assessment

set the risk back to Draft

Control Attestation

Interview

Walkthrough

Control Test

Activity

Remediation

Risk

Control

Policy

Control objective

Risk statement

Audit User

Compliance User

Compliance Manager

Risk User

Compliance Reader

Tablename_LIST

Tablename.list

Tablename.LIST

Tablename.List

Controls are identified from library and ad-hoc

Controls are identified from indicator results

Controls are identified from library

Controls are identified ad-hoc

Controls are identified from related issues

Retired

Awaiting Approval

Draft

Published

Review

SLE × ARO = ALE

ALE × ARO = Compliance Score

ALE × ARO = SLE

Impact × Urgency = ALE