Diligent One Platform offers a unified solution for Governance, Risk, and Compliance (GRC) management, providing a comprehensive overview of risks and insights in one place.
N/A
ServiceNow Governance, Risk, and Compliance
Score 8.1 out of 10
N/A
ServiceNow Governance, Risk, and Compliance provides the tools businesses use to proactively manage risk by measuring, testing and auditing internal processes. This solution helps business users ensure compliance to regulations, policies, standards and frameworks. It is available via the Standard, Professional, and Enterprise editions, the latter two supporting GRC and internal auditing processes.
We are very happy with the tool, especially the flexibility> it was very easy for us to start with audits which we already do and move to controls and Risks from there. Most other tools try to force a methodology on you. It is very well suited for companies that want to start somewhere and grow from there
Oracle EBS R12 requires a unique user skillset to understand how it handles user access and functions. Accordingly, ServiceNow has this high level of sophistication to manage this information and apply it to Sensitive Access and Segregation of Duties rules to identify exceptions. This depth of configuration is critical to accurately identify when Oracle Responsibilities (access) truly allows access and thus could be a violation. ERPs with less complexity may not require this customization of ServiceNow GRC, but you would be wise to raise these questions and examples in the demo to ensure it will work for you. In the past, we have found that risks of under-reporting exceptions or false positives become so voluminous that users don't always get to the accurate violations for timely remediation. Proper configuration up front will improve your effectiveness and ROI down the road.
Enhance business compliance by maintaining records and documents for all our processes and reports, which allows us to not worry about training new people in case resources are transferred.
We integrated risk assessment tools and business continuity plans, which allowed proactive identification and mitigation of potential business risks.
It helped to secure communication channels with confidential discussions and document sharing among team members and leadership.
Finding reported by the auditor. GRC helps us identify, assign, and track the resolution of this.
Exception to information security policy. These require quarterly reviews and setting up reminders to revisit these.
Building out new projects and baking security and compliance into the project and tracking it in GRC to ensure we deliver a compliant product on day one
Delivering more out of the box functionality that rivals other GRC platforms. The bare bones approach may not help companies that do not have expertise or capabilities to build effective GRC processes.
Easier way to implement workflow.
Offering better metrics without buying add-on tools.
I'm satisfied with our experience. The configuration was the biggest challenge, but we have moved onto the stage of user training and usability. We would appreciate having better user training documentation and possibly videos and/or computer-based training to help our international users adopt this software for their GRC needs.
HighBond by Galvanize support has some of the best and fastest support that I have experienced. Though we only contact them through emails, they were quick to provide insightful information about our problems. Whenever we email them about an issue, they would be able to reply in less than an hour, ready and prepared with useful solutions to address the issue.
It's a good system, but I am awaiting key features in the new release. We hear that ServiceNow is continually adding new features and we look for improved reporting, better Oracle Integration, and user training opportunities. To the extent these materialize, we expect further improvements in our experience with ServiceNow GRC. Until that time, though, we believe we are meeting our objectives expected at the beginning of this project.
We’re pretty satisfied with the implementation offering and the reading experiences provided. With our quarterly audits, this tool has made the task much more accessible. The outcome of version control of documents is easy to accomplish, and gathering all the records in one place makes it more accessible.
I'm excited about diligent due to the fact that they provide many tools to support compliance through use of analytics and testing processes. We also use FloQast, for which I'm an advocate for, however I'm not sure they have expanded yet to support analytics and testing. I don't have any further experience with other products
We just recently started using TrustArc for data privacy requests and I can already speak to the fact that TrustArc is a more confusing platform once there. The positives of ServiceNow would be that a majority of our URL's drive to owned websites which our employees are very comfortable with using versus pushing them to another website that feels unsafe.
A lot of time and efficiency has been saved for my team as we continue to find different ways to automate tests, continuous monitoring projects, etc. We have been able to shift our focus on enhancement projects that previously had been on the back burner until we had switched to the Diligent One Platform.
