SailPoint Identity Platform vs ServiceNow Governance, Risk, and Compliance

We are happy with the management of the Id, accounts where the user can request any access easily. Also the many connector which Sailpoint is offering in order to onboard lots of applications is quite helpful. The access review module has also have been improve so that large campaigns can we work out easily.

Where we see some improvement is on the UI as here it is not so intuitive for the end user, so that we need to make lots of communications and training so that the user is able to understand how to use it.

For the administration and creation of roles it also would be great to have some improvements here to make it more easily its management.

Oracle EBS R12 requires a unique user skillset to understand how it handles user access and functions. Accordingly, ServiceNow has this high level of sophistication to manage this information and apply it to Sensitive Access and Segregation of Duties rules to identify exceptions. This depth of configuration is critical to accurately identify when Oracle Responsibilities (access) truly allows access and thus could be a violation. ERPs with less complexity may not require this customization of ServiceNow GRC, but you would be wise to raise these questions and examples in the demo to ensure it will work for you. In the past, we have found that risks of under-reporting exceptions or false positives become so voluminous that users don't always get to the accurate violations for timely remediation. Proper configuration up front will improve your effectiveness and ROI down the road.

• Brings users access, profiles and accounts all into one place
• Manages the Life Cycle Management process across ALL identities, permanent and Temporary
• Secures and manages access to critical applications and resources across the group
• Enables Info. Security to customise, share and delegate authority across the group
• Single version of the truth across our technology platform

• Finding reported by the auditor. GRC helps us identify, assign, and track the resolution of this.
• Exception to information security policy. These require quarterly reviews and setting up reminders to revisit these.
• Building out new projects and baking security and compliance into the project and tracking it in GRC to ensure we deliver a compliant product on day one

• The user interface is not very intuitive. It is hard for the occasional user to navigate through the request process. There are no instructions on the screen to help the user to know what to do. It is left up to the user to figure out what to click on and how to navigate through the process.

• Delivering more out of the box functionality that rivals other GRC platforms. The bare bones approach may not help companies that do not have expertise or capabilities to build effective GRC processes.
• Easier way to implement workflow.
• Offering better metrics without buying add-on tools.

Overall usablity is excellent. The product is capable of performing all the expected tasks for a IAM solution.

I'm satisfied with our experience. The configuration was the biggest challenge, but we have moved onto the stage of user training and usability. We would appreciate having better user training documentation and possibly videos and/or computer-based training to help our international users adopt this software for their GRC needs.

Support for Customizations is very limited.

It's a good system, but I am awaiting key features in the new release. We hear that ServiceNow is continually adding new features and we look for improved reporting, better Oracle Integration, and user training opportunities. To the extent these materialize, we expect further improvements in our experience with ServiceNow GRC. Until that time, though, we believe we are meeting our objectives expected at the beginning of this project.

Implementation was done correctly and all the requirements were met.

The on-prem SailPoint IdentityIQ platform provides the necessary customization that is required in our dynamic environment. Although we may look at a cloud-based Identity Management service again in the future, (there are many advantages), our identity management, authentication, and application assignment processes cannot be quickly consolidated to a single cloud-based service at this time.

TraceGP is a project management tool that was customized to work with ITIL. But, nothing ITIL-like. And as we needed a tool that was really "compatible" with ITIL, we discovered in ServiceNow a real tool that could help us. We can now do things like, for example, find an incident that was related to a specific problem.

• Over 300,000 password change/reset calls avoided to the helpdesk annually.
• 1,000 plus accounts with proper accesses provisioned via automated birthright processes weekly versus 1-2 days of manual provisioning and approvals. With a call center population that churns many people per week, this brings many dollars of efficiency to the operations teams.
• Flexibility on terminations to manage accounts and access for target applications based on regulatory or business rules to ensure compliance and avoid fines for non-compliance.

• Mostly cultural change. If teams aren't aware of the new implementation of GRC and they get a request to answer questions, it can be confusing. This is cultural and not a con against the product.