ServiceNow Governance, Risk, and Compliance provides the tools businesses use to proactively manage risk by measuring, testing and auditing internal processes. This solution helps business users ensure compliance to regulations, policies, standards and frameworks. It is available via the Standard, Professional, and Enterprise editions, the latter two supporting GRC and internal auditing processes.
N/A
Splunk IT Service Intelligence (ITSI)
Score 8.4 out of 10
N/A
Splunk supports IT operations analytics with the Splunk IT Service Intelligence premium offering, a software application available to subscribers to Splunk Cloud or Splunk Enterprise log analytics and SIEM platforms.
Oracle EBS R12 requires a unique user skillset to understand how it handles user access and functions. Accordingly, ServiceNow has this high level of sophistication to manage this information and apply it to Sensitive Access and Segregation of Duties rules to identify exceptions. This depth of configuration is critical to accurately identify when Oracle Responsibilities (access) truly allows access and thus could be a violation. ERPs with less complexity may not require this customization of ServiceNow GRC, but you would be wise to raise these questions and examples in the demo to ensure it will work for you. In the past, we have found that risks of under-reporting exceptions or false positives become so voluminous that users don't always get to the accurate violations for timely remediation. Proper configuration up front will improve your effectiveness and ROI down the road.
Splunk ITSI is a great tool (and toolbox) for combining together numerous and varied monitoring regimes to bring more holistic analysis and reduce alert fatigue. By leveraging the Splunk ITSI service and KPI modeling regime, ecosystem telemetry can be turned into a more reliable, clearer, high-level perspective on the current state of your components and services.
Finding reported by the auditor. GRC helps us identify, assign, and track the resolution of this.
Exception to information security policy. These require quarterly reviews and setting up reminders to revisit these.
Building out new projects and baking security and compliance into the project and tracking it in GRC to ensure we deliver a compliant product on day one
Delivering more out of the box functionality that rivals other GRC platforms. The bare bones approach may not help companies that do not have expertise or capabilities to build effective GRC processes.
Easier way to implement workflow.
Offering better metrics without buying add-on tools.
We have replaced our monitoring platform with Splunk & ITSI, and with the success, it's seen at our organization thus far we would be hard-pressed to pivot to another tool. Frankly, our business partners and application teams love Splunk & ITSI.
I'm satisfied with our experience. The configuration was the biggest challenge, but we have moved onto the stage of user training and usability. We would appreciate having better user training documentation and possibly videos and/or computer-based training to help our international users adopt this software for their GRC needs.
It's a good system, but I am awaiting key features in the new release. We hear that ServiceNow is continually adding new features and we look for improved reporting, better Oracle Integration, and user training opportunities. To the extent these materialize, we expect further improvements in our experience with ServiceNow GRC. Until that time, though, we believe we are meeting our objectives expected at the beginning of this project.
During POC, pre-planning, and implementation, we have had interactions with numerous folks at Splunk. Everyone from sales & engineering to markets analysts to specific IT component SMEs, and a small professional services engagement to get started. They have all been exceptionally helpful and go above and beyond the call of duty. They actively reach out to ensure success is being realized and find ways to help proactively, instead of having to simply open support cases with the vendor.
We just recently started using TrustArc for data privacy requests and I can already speak to the fact that TrustArc is a more confusing platform once there. The positives of ServiceNow would be that a majority of our URL's drive to owned websites which our employees are very comfortable with using versus pushing them to another website that feels unsafe.
Splunk has raised itself as a platform not just as a tool unlike other products in the market. If I talk about Moogsoft it also has similar capabilities but Splunk ITSI has more visibility and its GUI is making a different impact on the users. ServiceNow and Splunk are equally capable products however Splunk seems to have more tech-savvy people tools than ServiceNow.
Splunk ITSI has reduced the number of alerts exposed to our Network Operations Center by 100x while increasing the context around outages.
Splunk ITSI has increased the accuracy of our incident detection by leveraging the Event Analytics system to weigh the behavior of the many characteristics of each component together instead of independently.
Splunk ITSI has reduced our incident MTTR (mean time to restore) by detecting issues faster, presenting them more clearly, and surfacing the salient details about the underlying issue.
