Skip to main content
TrustRadius
ServiceNow Governance, Risk, and Compliance

ServiceNow Governance, Risk, and Compliance

Overview

What is ServiceNow Governance, Risk, and Compliance?

ServiceNow Governance, Risk, and Compliance provides the tools businesses use to proactively manage risk by measuring, testing and auditing internal processes. This solution helps business users ensure compliance to regulations, policies, standards and frameworks. It is available via the Standard,…

Read more
Recent Reviews

Service now GRC review

8 out of 10
September 19, 2020
Incentivized
Being used in one of our departments to manage the GRC needs related to incident management of IT and non-IT applications and devices. SN …
Continue reading

Great software for GRC

5 out of 10
September 17, 2020
Incentivized
As our company looked to assess and document our Internal Controls Environment and management, we looked to ServiceNow and other vendors …
Continue reading
Read all reviews

Popular Features

View all 5 features
  • Risk management (10)
    9.0
    90%
  • Common repository of GRC items (10)
    8.6
    86%
  • GRC policy management (10)
    8.4
    84%
  • Integration with Corporate Performance Management (CPM) systems (10)
    7.6
    76%
Return to navigation

Pricing

View all pricing
N/A
Unavailable

What is ServiceNow Governance, Risk, and Compliance?

ServiceNow Governance, Risk, and Compliance provides the tools businesses use to proactively manage risk by measuring, testing and auditing internal processes. This solution helps business users ensure compliance to regulations, policies, standards and frameworks. It is available via the Standard,…

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Would you like us to let the vendor know that you want pricing?

56 people also want pricing

Alternatives Pricing

What is Clear Analytics?

Clear Analytics is a business intelligence solution that enables non technical end users to perform analytics by leveraging existing knowledge of Excel coupled with a built in query builder. Some key features include: Dynamic Data Refresh, Data Share and In-Excel Collaboration.

What is ManageEngine DataSecurity Plus?

ManageEngine's DataSecurity Plus is a software solution to help users find, analyze, and track sensitive personal data—also known as PII/ePHI— residing in Windows file servers and failover clusters.

Return to navigation

Product Demos

ALL-IN-ONE SERVICENOW CAM DEMO - Continuous Authorization & Monitoring | Governance, Risk & Complian

YouTube
Return to navigation

Features

Governance, Risk & Compliance

The goal of IT governance is ultimately to ensure that the processes governing evaluation, selection, prioritization, and funding of competing IT investments are driven by the overall business

8.5
Avg 7.6
Return to navigation

Product Details

What is ServiceNow Governance, Risk, and Compliance?

ServiceNow Governance, Risk, and Compliance Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo

Frequently Asked Questions

ServiceNow Governance, Risk, and Compliance provides the tools businesses use to proactively manage risk by measuring, testing and auditing internal processes. This solution helps business users ensure compliance to regulations, policies, standards and frameworks. It is available via the Standard, Professional, and Enterprise editions, the latter two supporting GRC and internal auditing processes.

Reviewers rate Risk management highest, with a score of 9.

The most common users of ServiceNow Governance, Risk, and Compliance are from Enterprises (1,001+ employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(50)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!

Users commonly recommend requesting a demo from the ServiceNow team to explore the software's offerings and make business operations smoother. They also suggest implementing GRC modules to improve key performance indicators. Additionally, users emphasize the importance of defining operational processes and roles for different users before granting them access to ServiceNow in order to ensure smooth access management within the platform. Taking these recommendations into consideration can greatly enhance the effectiveness and efficiency of using ServiceNow for business operations.

Attribute Ratings

Reviews

(1-4 of 4)
Companies can't remove reviews or game the system. Here's why
September 19, 2020

Service now GRC review

Score 8 out of 10
Vetted Review
Verified User
Incentivized
Being used in one of our departments to manage the GRC needs related to incident management of IT and non-IT applications and devices. SN BCM is being used to automate and manage the disaster recovery planning for critical IT applications serving the healthcare needs. This helped us lower the administration cost and also ensure the consistent uptime of applications helping us deliver patient care. Also, bringing everything in one place and automating helped us maintain a single source of truth to be leveraged across other enterprise applications.
  • Ease of use
  • Configuration options available.
  • Integrations with standard products.
  • Reporting can further be improved to allow for customizations.
  • End user configurable options.
Enterprise needs are well served by a product of scale such as Service Now. It might be less appropriate for the needs of a smaller organization or unit. Automation, disaster recovery, single source of truth, and seamless business continuity planning were very served by ServiceNow Governance, Risk, and Compliance in the use case specific to our organization and business unit. For a larger enterprise, a single source of truth that can be consumed or leveraged by other enterprise apps is always a big draw and this is where ServiceNow GRC fits in perfectly. It would definitely serve the needs of a smaller organization too as long as the organizations are rightly able to identify the use cases that are best served by an enterprise-grade application such as ServiceNow GRC
Governance, Risk & Compliance (5)
94%
9.4
Common repository of GRC items
100%
10.0
Risk management
90%
9.0
Integration with Corporate Performance Management (CPM) systems
100%
10.0
GRC policy management
80%
8.0
Incident management
100%
10.0
  • Enhanced employee experience.
  • Better operating processes.
  • Better control over risk.
Ease of use and configurable options not necessarily needing expensive customizations.
Excellent and knowledgable support.
Ease of use and end user-configurable options.
Genesys PureConnect, Coupa, UiPath Process Mining (formerly ProcessGold)
September 18, 2020

Great but could be better

Rajat Wadhwani | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Incentivized
ServiceNow Governance, Risk, and Compliance is our central request management system along with tools to generate value out of the data. It helps to keep track of requests within a huge organization and has options to archive them. Dashboards are very intuitive in nature and add value.
  • Central Request Management System
  • Intuitive Dashboards
  • Safe and Secure
  • Not User Friendly
  • Not easily Deployable
  • Too many permissions required
There are other alternatives for a request management system that are much more user friendly.
Governance, Risk & Compliance (5)
78%
7.8
Common repository of GRC items
70%
7.0
Risk management
80%
8.0
Integration with Corporate Performance Management (CPM) systems
80%
8.0
GRC policy management
80%
8.0
Incident management
80%
8.0
  • Easy to manage requests
  • Archive them for future purpose
  • Great support
Team is very knowledgeable. The turn around time is really quick.
It is very useful once the training has been completed. Without training it is difficult to navigate the system.
Microsoft Power BI, Petrel E&P, CGI Exploration2Revenue (X2R)
September 17, 2020

Great software for GRC

Score 5 out of 10
Vetted Review
Verified User
Incentivized
As our company looked to assess and document our Internal Controls Environment and management, we looked to ServiceNow and other vendors to provide us with a framework/baseline starting point. We carefully compared features/capabilities of ServiceNow, Metric Stream, Modulo, and others and really benefited from the software demos offered by each company. We chose ServiceNow because of our already positive experience with their IT helpdesk software (was already used in our company) and how intuitively the GRC software appeared to operate. We understood that some customization was necessary, but felt it would more easily be adapted to our business versus the other options. Our experience, so far, has been positive; however, we feel we are still in the configuration/expansion phase. The challenges we are still overcoming are in our understanding of GRC attributes of our Oracle EBS R12 system, Active Directory access controls, and change control over these and other IT systems.

Our experience has been positive, and we appreciate the level of reporting and insight we gained by selecting a software like ServiceNow GRC instead of trying to handle this ourselves with documents and spreadsheets. As with most implementations, the costs occur up front, but we do expect an ROI in the next few years as we establish processes of administration, assessment, and remediation.
  • Easily configurable and potentially customizable where needed
  • Handle multiple user inputs and change management
  • Good dashboard reporting and visibility for executive team
  • Dashboard reporting takes some configuration to show KPIs needed
  • Cost may increase as we add more users/expand its scope internationally
  • Needs better templates to help our team configure and deploy effectively
Oracle EBS R12 requires a unique user skillset to understand how it handles user access and functions. Accordingly, ServiceNow has this high level of sophistication to manage this information and apply it to Sensitive Access and Segregation of Duties rules to identify exceptions. This depth of configuration is critical to accurately identify when Oracle Responsibilities (access) truly allows access and thus could be a violation.
ERPs with less complexity may not require this customization of ServiceNow GRC, but you would be wise to raise these questions and examples in the demo to ensure it will work for you. In the past, we have found that risks of under-reporting exceptions or false positives become so voluminous that users don't always get to the accurate violations for timely remediation. Proper configuration up front will improve your effectiveness and ROI down the road.
Governance, Risk & Compliance (5)
42%
4.2
Common repository of GRC items
20%
2.0
Risk management
30%
3.0
Integration with Corporate Performance Management (CPM) systems
60%
6.0
GRC policy management
20%
2.0
Incident management
80%
8.0
  • Great ROI in time savings
  • Scalable
  • Executive and Internal Audit visibility of Risks and Compliance
We performed these assessments manually for years before selecting ServiceNow GRC. Other companies we assessed were Modulo and Metric Stream. Our takeaway from the other companies was that they seemed too simplistic to handle the needs of an Oracle EBS R12 ERP and our other systems. Further, we liked the reporting elements that came out of the box from ServiceNow.
It's a good system, but I am awaiting key features in the new release. We hear that ServiceNow is continually adding new features and we look for improved reporting, better Oracle Integration, and user training opportunities. To the extent these materialize, we expect further improvements in our experience with ServiceNow GRC. Until that time, though, we believe we are meeting our objectives expected at the beginning of this project.
I'm satisfied with our experience. The configuration was the biggest challenge, but we have moved onto the stage of user training and usability. We would appreciate having better user training documentation and possibly videos and/or computer-based training to help our international users adopt this software for their GRC needs.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
I was on the team that implemented this at my former company and we are implementing this at my current company. On the security and risk teams, it is an absolute must to have a simple, repeatable way of mapping, tracking, and resolving security and risk issues. This is extremely valuable for us when we have our audits and need to provide evidence that we are adhering to what we say we do. ServiceNow GRC is very scalable and customizable which helped us meet both industry-standards and internal classification requirements in our organization.
  • Finding reported by the auditor. GRC helps us identify, assign, and track the resolution of this.
  • Exception to information security policy. These require quarterly reviews and setting up reminders to revisit these.
  • Building out new projects and baking security and compliance into the project and tracking it in GRC to ensure we deliver a compliant product on day one
  • Like all ServiceNow, there is a learning curve, but with custom forms, this is easier that it was 5 years ago.
When we build a new project, we require that baseline security settings are met. Things like strong password, password expiration, MFA, etc. GRC, you can upload evidence that you are following this and a security team member or PM can view the evidence and see that (at a point in time) it was compliant.
Governance, Risk & Compliance (5)
72%
7.2
Common repository of GRC items
80%
8.0
Risk management
70%
7.0
Integration with Corporate Performance Management (CPM) systems
80%
8.0
GRC policy management
80%
8.0
Incident management
50%
5.0
  • Mostly cultural change. If teams aren't aware of the new implementation of GRC and they get a request to answer questions, it can be confusing. This is cultural and not a con against the product.
RiskVision was difficult to use, only worked in certain browsers and was an external system of what we used for other things. We had ServiceNow for a while and using the ServiceNow GRC was much better than some external tool that wasn't great for us.
ServiceNow support is great. Very responsive and helpful.
Some learning curve, but it comes up
Splunk Cloud, ServiceNow Configuration Management Database (CMDB), Workspace ONE Powered by AirWatch, CrowdStrike Falcon Complete
Return to navigation