ServiceNow Governance, Risk, and Compliance vs. ServiceNow IT Service Management

Oracle EBS R12 requires a unique user skillset to understand how it handles user access and functions. Accordingly, ServiceNow has this high level of sophistication to manage this information and apply it to Sensitive Access and Segregation of Duties rules to identify exceptions. This depth of configuration is critical to accurately identify when Oracle Responsibilities (access) truly allows access and thus could be a violation. ERPs with less complexity may not require this customization of ServiceNow GRC, but you would be wise to raise these questions and examples in the demo to ensure it will work for you. In the past, we have found that risks of under-reporting exceptions or false positives become so voluminous that users don't always get to the accurate violations for timely remediation. Proper configuration up front will improve your effectiveness and ROI down the road.

Incentivized

In terms of reporting, it has helped us a lot. Very easy to find an audit trail of who did what, when, and how long. It used to take us too long to figure out what was going wrong, and now we have clear monitoring on everything. The splitting of our smaller IT team into a larger one with 2 teams was also made easier with the auto-assignment, categorization, and escalation features. Approval processes take less time now. We have clear permissions set up for the manager and both teams.

Incentivized

• Finding reported by the auditor. GRC helps us identify, assign, and track the resolution of this.
• Exception to information security policy. These require quarterly reviews and setting up reminders to revisit these.
• Building out new projects and baking security and compliance into the project and tracking it in GRC to ensure we deliver a compliant product on day one

Incentivized

• Integration
• Good search capabilities. Applications are created within CMDB and we can search for the app to see the changes, incidents and problems created
• Reporting. Great store of MIS reports and will let you to create custom reports
• Visual Task Boards - use it as Kanban boards

• Delivering more out of the box functionality that rivals other GRC platforms. The bare bones approach may not help companies that do not have expertise or capabilities to build effective GRC processes.
• Easier way to implement workflow.
• Offering better metrics without buying add-on tools.

Incentivized

• Finding requests that I opened and have since been completed by the assigned group/individual is very difficult to accomplish unless I've written down the request numbers somewhere.
• Requests that I opened and are subsequently closed, often continue to appear in the list of "My Open Requests" giving the appearance that they were not completed when in fact they were.
• It may exist, but if it does I haven't found it yet, which makes it less than intuitive, but I would like to see the ability to recall a request in ServiceNow.
• I believe our firewall rule change request for is a custom form, but it has a serious drawback. If I submit such a request and need to make a correction to it before it is approved, there isn't anyway for me to do so. The request has to first be rejected with the creation of a sub-task in order to edit it before it is resubmitted for approval.

Incentivized

To be completely honest setting up a new ticketing system can be a pain in the ass. Once you have it setup and customized the way you want it, you don't want to switch unless you're unhappy with the product. Unless future releases and updates really muck the system up, I wouldn't change.

I'm satisfied with our experience. The configuration was the biggest challenge, but we have moved onto the stage of user training and usability. We would appreciate having better user training documentation and possibly videos and/or computer-based training to help our international users adopt this software for their GRC needs.

Incentivized

The dashboard is so confusing, [there are] many clicks to open a task and search by a ticket. The Enterprise customisation [we did] has finished to kill the software and creates a really bad experience on a daily basis. [It is] So slow, and so many clicks to process a ticket. Works only on IE so, that [should] make you realize that [it] is a bad idea.

We have never had any issues with ServiceNow's availability that I am aware of in the two years I have been using it.

Incentivized

For a massive system, page loads are reasonably quick, including searches.

Incentivized

It's a good system, but I am awaiting key features in the new release. We hear that ServiceNow is continually adding new features and we look for improved reporting, better Oracle Integration, and user training opportunities. To the extent these materialize, we expect further improvements in our experience with ServiceNow GRC. Until that time, though, we believe we are meeting our objectives expected at the beginning of this project.

Incentivized

I would give it this rating because we have had no major issues with the support for ServiceNow after we implemented it at our organization. They seem to respond promptly and efficiently if we ever do need to open a support case with them about an issue we are having.

Incentivized

To type in what should be a text box, you have to click an empty cell, a tiny text box pop up opens with a check box and an X. You the. Type in the text box and have to click the check mark. If you have a bunch of fields to fill out, doing this is very annoying. Absolutely know thought went in to this. I'm sure somebody in marketing thought it was a good idea. It wasn't.

Without exception, every client I have worked with has been very happy with their resulting product. While this is partly due to my work, I must point out that the platform is the winning decision, not the implementer.

Incentivized

We just recently started using TrustArc for data privacy requests and I can already speak to the fact that TrustArc is a more confusing platform once there. The positives of ServiceNow would be that a majority of our URL's drive to owned websites which our employees are very comfortable with using versus pushing them to another website that feels unsafe.

Incentivized

We used to use Jira to handle service tickets but it's way too robust for something this straightforward. Due to the nature of Jira, you needed to already have a lot of documentation and knowledge about who should be assigned the ticket, so the lift of creating a ticket was time consuming.

Incentivized

ServiceNow works as an enterprise solution.

Incentivized

• Effective Enterprise Risk Management
• Holistic Real-time Monitoring of your technology and Risk
• Negative - Asset Management has some issues and Ghost / Shadow IT is big issue

• We don't currently have a CMDB, so we are leveraging ServiceNow to build one using their ITSM and ITOM tools. This is a huge gap for us as a company and it will be a big win once this is in place.
• The core help desk functions are comparable to most other tools on the market, but SN does a great job of integrating that data with other modules like Problem, Change and Event Management to provide a truly integrated solution.
• The tool is expensive, so you will need to try to do as much as you can with the platform. We currently use other systems for HAM and SAM but will be including these in our ServiceNow instance in the future to help maximize our ROI.

Incentivized