NAVEX One vs. ServiceNow Governance, Risk, and Compliance

We have used PolicyTech for over 13 years. We have found it to be a robust solution, that has great technical support, and that continues to evolve as technology changes. If a business is looking for a solution to support best practices in policy and procedure development and distribution, there is no better solution than PolicyTech. We currently use PolicyTech’s SAS service. This solution would not be as effective for business environments that do not have computers for their employees to access on a daily basis.

Incentivized

Oracle EBS R12 requires a unique user skillset to understand how it handles user access and functions. Accordingly, ServiceNow has this high level of sophistication to manage this information and apply it to Sensitive Access and Segregation of Duties rules to identify exceptions. This depth of configuration is critical to accurately identify when Oracle Responsibilities (access) truly allows access and thus could be a violation. ERPs with less complexity may not require this customization of ServiceNow GRC, but you would be wise to raise these questions and examples in the demo to ensure it will work for you. In the past, we have found that risks of under-reporting exceptions or false positives become so voluminous that users don't always get to the accurate violations for timely remediation. Proper configuration up front will improve your effectiveness and ROI down the road.

Incentivized

• Ease of use and ability to modify documents.
• Versatility/Adaptability to utilize for other document management processes
• Ability to assign documents to groups of users to make policy review and notification more job/role specific

Incentivized

• Finding reported by the auditor. GRC helps us identify, assign, and track the resolution of this.
• Exception to information security policy. These require quarterly reviews and setting up reminders to revisit these.
• Building out new projects and baking security and compliance into the project and tracking it in GRC to ensure we deliver a compliant product on day one

Incentivized

• In my point of view, I would love this platform if it could be customized more to my personal taste and my needs, in this aspect it has its limitations.
• Unfortunately, the technical support of this program is not the best when it comes to responding, the truth is that they are never capable of responding to our problems on the spot.

Incentivized

• Delivering more out of the box functionality that rivals other GRC platforms. The bare bones approach may not help companies that do not have expertise or capabilities to build effective GRC processes.
• Easier way to implement workflow.
• Offering better metrics without buying add-on tools.

Incentivized

I'm satisfied with our experience. The configuration was the biggest challenge, but we have moved onto the stage of user training and usability. We would appreciate having better user training documentation and possibly videos and/or computer-based training to help our international users adopt this software for their GRC needs.

Incentivized

Only the administrator can talk to them.

Incentivized

It's a good system, but I am awaiting key features in the new release. We hear that ServiceNow is continually adding new features and we look for improved reporting, better Oracle Integration, and user training opportunities. To the extent these materialize, we expect further improvements in our experience with ServiceNow GRC. Until that time, though, we believe we are meeting our objectives expected at the beginning of this project.

Incentivized

Navex is best intuitive and satisfied all the security & compliance requirement. ServiceNow GRC is complex & not easy to deployable.. also need that cost effective solution. Even it was tough to customize initially but later after doing fine-tuning with policies & process we got best insights & inputs from solution .

Incentivized

We just recently started using TrustArc for data privacy requests and I can already speak to the fact that TrustArc is a more confusing platform once there. The positives of ServiceNow would be that a majority of our URL's drive to owned websites which our employees are very comfortable with using versus pushing them to another website that feels unsafe.

Incentivized

• Eliminates silos.
• Establishes a holistic central point of governance, management, and assurance of the organization's performance, risk and compliance.
• Lets you make informed decisions.

Incentivized

• Effective Enterprise Risk Management
• Holistic Real-time Monitoring of your technology and Risk
• Negative - Asset Management has some issues and Ghost / Shadow IT is big issue