Skip to main content
TrustRadius
ServiceNow Governance, Risk, and Compliance

ServiceNow Governance, Risk, and Compliance

Overview

What is ServiceNow Governance, Risk, and Compliance?

ServiceNow Governance, Risk, and Compliance provides the tools businesses use to proactively manage risk by measuring, testing and auditing internal processes. This solution helps business users ensure compliance to regulations, policies, standards and frameworks. It is available via the Standard,…

Read more
Recent Reviews

Service now GRC review

8 out of 10
September 19, 2020
Incentivized
Being used in one of our departments to manage the GRC needs related to incident management of IT and non-IT applications and devices. SN …
Continue reading

Great software for GRC

5 out of 10
September 17, 2020
Incentivized
As our company looked to assess and document our Internal Controls Environment and management, we looked to ServiceNow and other vendors …
Continue reading
Read all reviews

Popular Features

View all 5 features
  • Risk management (10)
    9.0
    90%
  • Common repository of GRC items (10)
    8.6
    86%
  • GRC policy management (10)
    8.4
    84%
  • Integration with Corporate Performance Management (CPM) systems (10)
    7.6
    76%
Return to navigation

Pricing

View all pricing
N/A
Unavailable

What is ServiceNow Governance, Risk, and Compliance?

ServiceNow Governance, Risk, and Compliance provides the tools businesses use to proactively manage risk by measuring, testing and auditing internal processes. This solution helps business users ensure compliance to regulations, policies, standards and frameworks. It is available via the Standard,…

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Would you like us to let the vendor know that you want pricing?

56 people also want pricing

Alternatives Pricing

What is Clear Analytics?

Clear Analytics is a business intelligence solution that enables non technical end users to perform analytics by leveraging existing knowledge of Excel coupled with a built in query builder. Some key features include: Dynamic Data Refresh, Data Share and In-Excel Collaboration.

What is ManageEngine DataSecurity Plus?

ManageEngine's DataSecurity Plus is a software solution to help users find, analyze, and track sensitive personal data—also known as PII/ePHI— residing in Windows file servers and failover clusters.

Return to navigation

Product Demos

ALL-IN-ONE SERVICENOW CAM DEMO - Continuous Authorization & Monitoring | Governance, Risk & Complian

YouTube
Return to navigation

Features

Governance, Risk & Compliance

The goal of IT governance is ultimately to ensure that the processes governing evaluation, selection, prioritization, and funding of competing IT investments are driven by the overall business

8.5
Avg 7.6
Return to navigation

Product Details

What is ServiceNow Governance, Risk, and Compliance?

ServiceNow Governance, Risk, and Compliance Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo

Frequently Asked Questions

ServiceNow Governance, Risk, and Compliance provides the tools businesses use to proactively manage risk by measuring, testing and auditing internal processes. This solution helps business users ensure compliance to regulations, policies, standards and frameworks. It is available via the Standard, Professional, and Enterprise editions, the latter two supporting GRC and internal auditing processes.

Reviewers rate Risk management highest, with a score of 9.

The most common users of ServiceNow Governance, Risk, and Compliance are from Enterprises (1,001+ employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(50)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!

Users commonly recommend requesting a demo from the ServiceNow team to explore the software's offerings and make business operations smoother. They also suggest implementing GRC modules to improve key performance indicators. Additionally, users emphasize the importance of defining operational processes and roles for different users before granting them access to ServiceNow in order to ensure smooth access management within the platform. Taking these recommendations into consideration can greatly enhance the effectiveness and efficiency of using ServiceNow for business operations.

Attribute Ratings

Reviews

(1-11 of 11)
Companies can't remove reviews or game the system. Here's why
Pranav Sharma | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Incentivized
ServiceNow Governance, Risk, and Compliance is mostly suited for all the requirements related to Governance, audit and performance management. However, need some fine tuning for ensuring regulatory and legal compliance. Also, for open source components, we are using this for ensuring the SAST and SCA compliance for identifying and mitigating security, licensing and operational risks.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
ServiceNow is well suited for company wide messages as they pertain to trainings or information that affect all employees. A scenario where the system has been less appreciated is a mass message that confuses a variety of business units within our company who were not assigned a specific training or the change/message does not affect their day to day.
Varun Khare | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
We have used the whole ServiceNow Governance, Risk, and Compliance suite along with Vulnerability Resolution. It worked well, we have a completely automated process for our risk findings and exceptions. Now we have real-time visibility into resilience by continuously monitoring, detecting, accessing and mitigating, and remediating risk in the vendor ecosystem.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
It can be our central request management system that can generate valuable data. In addition to helping us keep track of requests, it can handle archival very well and you can search for the data you need whenever needed. For auditing and compliance purposes, this is very useful to help with the audit requests. It is bringing everything in one centralized location.
Score 7 out of 10
Vetted Review
Verified User
Incentivized
GRC is a great tool for Compliance and prevent from threats. SN GRC service management is equally effective at automating processes and workflows to keep our organization compliant with the expanding restrictions and regulations intended to keep businesses and our customers safe from expanding threats. This technology helps our organization ensure governance risk.
September 19, 2020

Service now GRC review

Score 8 out of 10
Vetted Review
Verified User
Incentivized
Enterprise needs are well served by a product of scale such as Service Now. It might be less appropriate for the needs of a smaller organization or unit. Automation, disaster recovery, single source of truth, and seamless business continuity planning were very served by ServiceNow Governance, Risk, and Compliance in the use case specific to our organization and business unit. For a larger enterprise, a single source of truth that can be consumed or leveraged by other enterprise apps is always a big draw and this is where ServiceNow GRC fits in perfectly. It would definitely serve the needs of a smaller organization too as long as the organizations are rightly able to identify the use cases that are best served by an enterprise-grade application such as ServiceNow GRC
September 17, 2020

Great software for GRC

Score 5 out of 10
Vetted Review
Verified User
Incentivized
Oracle EBS R12 requires a unique user skillset to understand how it handles user access and functions. Accordingly, ServiceNow has this high level of sophistication to manage this information and apply it to Sensitive Access and Segregation of Duties rules to identify exceptions. This depth of configuration is critical to accurately identify when Oracle Responsibilities (access) truly allows access and thus could be a violation.
ERPs with less complexity may not require this customization of ServiceNow GRC, but you would be wise to raise these questions and examples in the demo to ensure it will work for you. In the past, we have found that risks of under-reporting exceptions or false positives become so voluminous that users don't always get to the accurate violations for timely remediation. Proper configuration up front will improve your effectiveness and ROI down the road.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
When we build a new project, we require that baseline security settings are met. Things like strong password, password expiration, MFA, etc. GRC, you can upload evidence that you are following this and a security team member or PM can view the evidence and see that (at a point in time) it was compliant.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Well suited for companies that already know the benefits of joining different areas in a single view. If you have this knowledge, you'll benefit as quickly as you want. But, if you don't have experience with this, I do recommend that you begin with a smaller tool, then integrate the areas, and after that, you could decide if ServiceNow is the right tool for you.
February 23, 2016

ServiceNow GRC

Nick Bettes, CRISC, MBA | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
It is well suited when you already have ServiceNow installed in the environment. You can benefit from a budgetary perspective as there's no need to buy another tool that requires support, cost, etc. You can also benefit as there is easy integration with your asset library if you leverage for your CMDB, etc.

It is less appropriate if there are adequate resources (people and money) and you want to quickly hit the ground running with a more enhanced, robust GRC platform. Other products would require less development as industry processes are delivered out of the box for systems that are truly GRC tools.
Return to navigation