ServiceNow Governance, Risk, and Compliance Reviews

34 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener noreferrer'>trScore algorithm: Learn more.</a>
Score 7.8 out of 100

Do you work for this company? Learn how we help vendors

Overall Rating

Reviewer's Company Size

Last Updated

By Topic

Industry

Department

Experience

Job Type

Role

Reviews (1-6 of 6)

Companies can't remove reviews or game the system. Here's why.
September 17, 2020
Rajat Wadhwani | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source
ServiceNow Governance, Risk, and Compliance is our central request management system along with tools to generate value out of the data. It helps to keep track of requests within a huge organization and has options to archive them. Dashboards are very intuitive in nature and add value.
  • Central Request Management System
  • Intuitive Dashboards
  • Safe and Secure
  • Not User Friendly
  • Not easily Deployable
  • Too many permissions required
There are other alternatives for a request management system that are much more user friendly.
Team is very knowledgeable. The turn around time is really quick.
Read Rajat Wadhwani's full review
September 16, 2020
Anonymous | TrustRadius Reviewer
Score 5 out of 10
Vetted Review
Verified User
Review Source
As our company looked to assess and document our Internal Controls Environment and management, we looked to ServiceNow and other vendors to provide us with a framework/baseline starting point. We carefully compared features/capabilities of ServiceNow, Metric Stream, Modulo, and others and really benefited from the software demos offered by each company. We chose ServiceNow because of our already positive experience with their IT helpdesk software (was already used in our company) and how intuitively the GRC software appeared to operate. We understood that some customization was necessary, but felt it would more easily be adapted to our business versus the other options. Our experience, so far, has been positive; however, we feel we are still in the configuration/expansion phase. The challenges we are still overcoming are in our understanding of GRC attributes of our Oracle EBS R12 system, Active Directory access controls, and change control over these and other IT systems.

Our experience has been positive, and we appreciate the level of reporting and insight we gained by selecting a software like ServiceNow GRC instead of trying to handle this ourselves with documents and spreadsheets. As with most implementations, the costs occur up front, but we do expect an ROI in the next few years as we establish processes of administration, assessment, and remediation.
  • Easily configurable and potentially customizable where needed
  • Handle multiple user inputs and change management
  • Good dashboard reporting and visibility for executive team
  • Dashboard reporting takes some configuration to show KPIs needed
  • Cost may increase as we add more users/expand its scope internationally
  • Needs better templates to help our team configure and deploy effectively
Oracle EBS R12 requires a unique user skillset to understand how it handles user access and functions. Accordingly, ServiceNow has this high level of sophistication to manage this information and apply it to Sensitive Access and Segregation of Duties rules to identify exceptions. This depth of configuration is critical to accurately identify when Oracle Responsibilities (access) truly allows access and thus could be a violation.
ERPs with less complexity may not require this customization of ServiceNow GRC, but you would be wise to raise these questions and examples in the demo to ensure it will work for you. In the past, we have found that risks of under-reporting exceptions or false positives become so voluminous that users don't always get to the accurate violations for timely remediation. Proper configuration up front will improve your effectiveness and ROI down the road.
It's a good system, but I am awaiting key features in the new release. We hear that ServiceNow is continually adding new features and we look for improved reporting, better Oracle Integration, and user training opportunities. To the extent these materialize, we expect further improvements in our experience with ServiceNow GRC. Until that time, though, we believe we are meeting our objectives expected at the beginning of this project.
Read this authenticated review
September 18, 2020
Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source
Being used in one of our departments to manage the GRC needs related to incident management of IT and non-IT applications and devices. SN BCM is being used to automate and manage the disaster recovery planning for critical IT applications serving the healthcare needs. This helped us lower the administration cost and also ensure the consistent uptime of applications helping us deliver patient care. Also, bringing everything in one place and automating helped us maintain a single source of truth to be leveraged across other enterprise applications.
  • Ease of use
  • Configuration options available.
  • Integrations with standard products.
  • Reporting can further be improved to allow for customizations.
  • End user configurable options.
Enterprise needs are well served by a product of scale such as Service Now. It might be less appropriate for the needs of a smaller organization or unit. Automation, disaster recovery, single source of truth, and seamless business continuity planning were very served by ServiceNow Governance, Risk, and Compliance in the use case specific to our organization and business unit. For a larger enterprise, a single source of truth that can be consumed or leveraged by other enterprise apps is always a big draw and this is where ServiceNow GRC fits in perfectly. It would definitely serve the needs of a smaller organization too as long as the organizations are rightly able to identify the use cases that are best served by an enterprise-grade application such as ServiceNow GRC
Excellent and knowledgable support.
Read this authenticated review
September 15, 2020
Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
I was on the team that implemented this at my former company and we are implementing this at my current company. On the security and risk teams, it is an absolute must to have a simple, repeatable way of mapping, tracking, and resolving security and risk issues. This is extremely valuable for us when we have our audits and need to provide evidence that we are adhering to what we say we do. ServiceNow GRC is very scalable and customizable which helped us meet both industry-standards and internal classification requirements in our organization.
  • Finding reported by the auditor. GRC helps us identify, assign, and track the resolution of this.
  • Exception to information security policy. These require quarterly reviews and setting up reminders to revisit these.
  • Building out new projects and baking security and compliance into the project and tracking it in GRC to ensure we deliver a compliant product on day one
  • Like all ServiceNow, there is a learning curve, but with custom forms, this is easier that it was 5 years ago.
When we build a new project, we require that baseline security settings are met. Things like strong password, password expiration, MFA, etc. GRC, you can upload evidence that you are following this and a security team member or PM can view the evidence and see that (at a point in time) it was compliant.
ServiceNow support is great. Very responsive and helpful.
Read this authenticated review
February 23, 2016
Nick Bettes, CRISC, MBA | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
ServiceNow was already a product being used by my company. Within Information Security, we had a need for a GRC platform. It came to our attention ServiceNow offered this. Out of the box there was very little that could be leveraged to support a robust GRC platform. However, all the functionality was there to be used after extensive configuration, etc. Some custom code was required although we tried to limit wherever possible. After approximately 8 - 10 months of designing and developing our requirements into the tool, we had a program that could be supported by a GRC tool, that was largely built in a way that would fit our needs and current processes. The only cost was the additional license. The only frustration that comes from choosing ServiceNow, is that it took several months to get what other GRC tools (e.g. Modulo, MetricStream, etc) offer out of the box. However, that comes at a much higher cost. I would recommend ServiceNow Governance, Risk and Compliance (GRC) to anyone already using ServiceNow for Service Management and has a limited security budget. The other benefit is the integration with an existing CMDB or asset inventory where ServiceNow is the record of reference.
  • ServiceNow GRC is easily configurable. It does not require an extremely large team to support a decent size company.
  • While out of the box it does not deliver functionality offered by other GRC competitors, it can easily be designed. And by giving you the ability to design, you can make it fit your program with relative ease.
  • Cost benefit if ServiceNow is already leveraged within the environment. Deploying GRC capabilities comes at the cost of extra licenses.
  • Delivering more out of the box functionality that rivals other GRC platforms. The bare bones approach may not help companies that do not have expertise or capabilities to build effective GRC processes.
  • Easier way to implement workflow.
  • Offering better metrics without buying add-on tools.
It is well suited when you already have ServiceNow installed in the environment. You can benefit from a budgetary perspective as there's no need to buy another tool that requires support, cost, etc. You can also benefit as there is easy integration with your asset library if you leverage for your CMDB, etc.

It is less appropriate if there are adequate resources (people and money) and you want to quickly hit the ground running with a more enhanced, robust GRC platform. Other products would require less development as industry processes are delivered out of the box for systems that are truly GRC tools.
Read Nick Bettes, CRISC, MBA's full review
August 21, 2018
Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
This is a tool that's being used by the entire company. It has helped the entire company understand and have knowledge about incidents, problems, as well as other stuff that is happening in the different areas of the company. All in a single web interface, easy to use and for all users.
  • Integrate teams of your company. Ticket information is spread quickly
  • Web interface is quick and has all the information needed. You define it
  • You have free and paid user options.
  • You need to have a ServiceNow partner to work with you
  • The free option for users doesn't require payment, but depends on the partners.
Well suited for companies that already know the benefits of joining different areas in a single view. If you have this knowledge, you'll benefit as quickly as you want. But, if you don't have experience with this, I do recommend that you begin with a smaller tool, then integrate the areas, and after that, you could decide if ServiceNow is the right tool for you.
Read this authenticated review

ServiceNow Governance, Risk, and Compliance Scorecard Summary

Feature Scorecard Summary

Common repository of GRC items (5)
6.4
Risk management (5)
6.5
Integration with Corporate Performance Management (CPM) systems (5)
7.7
GRC policy management (5)
6.3
Incident management (5)
7.4

What is ServiceNow Governance, Risk, and Compliance?

ServiceNow Governance, Risk, and Compliance provides the tools businesses use to proactively manage risk by measuring, testing and auditing internal processes. This solution helps business users ensure compliance to regulations, policies, standards and frameworks. It is available via the Standard, Professional, and Enterprise editions, the latter two supporting GRC and internal auditing processes.

ServiceNow Governance, Risk, and Compliance Technical Details

Operating Systems: Unspecified
Mobile Application:No

Frequently Asked Questions

What is ServiceNow Governance, Risk, and Compliance?

ServiceNow Governance, Risk, and Compliance provides the tools businesses use to proactively manage risk by measuring, testing and auditing internal processes. This solution helps business users ensure compliance to regulations, policies, standards and frameworks. It is available via the Standard, Professional, and Enterprise editions, the latter two supporting GRC and internal auditing processes.

What is ServiceNow Governance, Risk, and Compliance's best feature?

Reviewers rate Integration with Corporate Performance Management (CPM) systems highest, with a score of 7.7.

Who uses ServiceNow Governance, Risk, and Compliance?

The most common users of ServiceNow Governance, Risk, and Compliance are Enterprises from the Unknown industry.