Freshservice is a cloud-based service desk and IT service management (ITSM) solution that currently serves more than 10,000 SMB, mid-market, and enterprise customers worldwide.
$29
per month per agent
ServiceNow Governance, Risk, and Compliance
Score 8.9 out of 10
N/A
ServiceNow Governance, Risk, and Compliance provides the tools businesses use to proactively manage risk by measuring, testing and auditing internal processes. This solution helps business users ensure compliance to regulations, policies, standards and frameworks. It is available via the Standard, Professional, and Enterprise editions, the latter two supporting GRC and internal auditing processes.
Freshservice is well suited for companies looking to implement ticketing / case management across the organization, but only if IT will be using it. Otherwise, I'd recommend Freshdesk. IT departments that don't function in the ITIL style of incident, request, change, and project management may find it overkill if they are only looking for a simple Help Desk solution.
Oracle EBS R12 requires a unique user skillset to understand how it handles user access and functions. Accordingly, ServiceNow has this high level of sophistication to manage this information and apply it to Sensitive Access and Segregation of Duties rules to identify exceptions. This depth of configuration is critical to accurately identify when Oracle Responsibilities (access) truly allows access and thus could be a violation. ERPs with less complexity may not require this customization of ServiceNow GRC, but you would be wise to raise these questions and examples in the demo to ensure it will work for you. In the past, we have found that risks of under-reporting exceptions or false positives become so voluminous that users don't always get to the accurate violations for timely remediation. Proper configuration up front will improve your effectiveness and ROI down the road.
Finding reported by the auditor. GRC helps us identify, assign, and track the resolution of this.
Exception to information security policy. These require quarterly reviews and setting up reminders to revisit these.
Building out new projects and baking security and compliance into the project and tracking it in GRC to ensure we deliver a compliant product on day one
To have more options on what to do with the emails that arrive in the support mailbox (which goes to Freshservice), Setting some special rules or detailed filtering is not possible.
Non 3rd party tools to connect to Intune are missing. Additionally, the third-party tool available in the store is not satisfactory. It would be nice to have native support for importing devices from our Azure cloud.
The contract requires you to prolong your contract end-date by two years instead of just one year, which to us is a bit aggressive.
Delivering more out of the box functionality that rivals other GRC platforms. The bare bones approach may not help companies that do not have expertise or capabilities to build effective GRC processes.
Easier way to implement workflow.
Offering better metrics without buying add-on tools.
We are pretty invested in Freshservice right now and have integrated it pretty heavily into our environment, so it would be hard to move away from it. For the most part, we are happy with Freshservice and the ease of use it gives us in managing tickets through the system. The only complaint we've had is customer service.
The UI design of Freshservice is simple and intuitive. You don't have to be a technical expert to navigate your way into the different pages/modules available. There are no buttons that are hidden in plain sight. Even our HR team required little to no help when they started using Freshservice.
I'm satisfied with our experience. The configuration was the biggest challenge, but we have moved onto the stage of user training and usability. We would appreciate having better user training documentation and possibly videos and/or computer-based training to help our international users adopt this software for their GRC needs.
Most reports are quick, however, it can take some time for emailed exports to come via email. It would be helpful to have the exports live in the system rather than having to wait on emails.
Support from OEM is decent but needs improvement. Sometimes OEM also needs to understand the criticality of the customer and help as an Ad-hoc, which is somewhat lacking at Feshservice. Although the normal support team is well-equipped and helps according to the matrix, if something critical for the partner or customer requires immediate attention, it still goes through the L1-L2-L3 levels, which wastes a lot of time.
It's a good system, but I am awaiting key features in the new release. We hear that ServiceNow is continually adding new features and we look for improved reporting, better Oracle Integration, and user training opportunities. To the extent these materialize, we expect further improvements in our experience with ServiceNow GRC. Until that time, though, we believe we are meeting our objectives expected at the beginning of this project.
Their documentation is pretty good, but only available in English. This makes it difficult for some of our users to understand. There are also some basic video courses available.
Creating the correct groups for the stakeholders and enabling the right notifications are one of the most important aspect of the implementation. Creating Change templates will also help in the long run and it's a good practice to create one, if applicable.
Easy setup and a lot of customization which can be made. They offer the full ITSM tool for 75$ per agent and all the PRO are included in the package, which makes it easy to calculate and use. There are only a few add-ins that you need to pay for, based on the number of agents or the number of executions.
We just recently started using TrustArc for data privacy requests and I can already speak to the fact that TrustArc is a more confusing platform once there. The positives of ServiceNow would be that a majority of our URL's drive to owned websites which our employees are very comfortable with using versus pushing them to another website that feels unsafe.
