ServiceNow GRC
February 23, 2016

ServiceNow GRC

Nick Bettes, CRISC, MBA | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with ServiceNow

ServiceNow was already a product being used by my company. Within Information Security, we had a need for a GRC platform. It came to our attention ServiceNow offered this. Out of the box there was very little that could be leveraged to support a robust GRC platform. However, all the functionality was there to be used after extensive configuration, etc. Some custom code was required although we tried to limit wherever possible. After approximately 8 - 10 months of designing and developing our requirements into the tool, we had a program that could be supported by a GRC tool, that was largely built in a way that would fit our needs and current processes. The only cost was the additional license. The only frustration that comes from choosing ServiceNow, is that it took several months to get what other GRC tools (e.g. Modulo, MetricStream, etc) offer out of the box. However, that comes at a much higher cost. I would recommend ServiceNow Governance, Risk and Compliance (GRC) to anyone already using ServiceNow for Service Management and has a limited security budget. The other benefit is the integration with an existing CMDB or asset inventory where ServiceNow is the record of reference.
  • ServiceNow GRC is easily configurable. It does not require an extremely large team to support a decent size company.
  • While out of the box it does not deliver functionality offered by other GRC competitors, it can easily be designed. And by giving you the ability to design, you can make it fit your program with relative ease.
  • Cost benefit if ServiceNow is already leveraged within the environment. Deploying GRC capabilities comes at the cost of extra licenses.
  • Delivering more out of the box functionality that rivals other GRC platforms. The bare bones approach may not help companies that do not have expertise or capabilities to build effective GRC processes.
  • Easier way to implement workflow.
  • Offering better metrics without buying add-on tools.
  • It provided a polished look on our risk program that Excel and PPT could not provide.
  • Made it much easier to manage hundreds of risks at any given time.
  • Provided clear view of ownership of risks with risk impact, etc.
This response would have been provided in previous responses. There are pro's and con's to selecting the tool. It stacks of very nicely when you have time to develop and deploy the right processes.
It is well suited when you already have ServiceNow installed in the environment. You can benefit from a budgetary perspective as there's no need to buy another tool that requires support, cost, etc. You can also benefit as there is easy integration with your asset library if you leverage for your CMDB, etc.

It is less appropriate if there are adequate resources (people and money) and you want to quickly hit the ground running with a more enhanced, robust GRC platform. Other products would require less development as industry processes are delivered out of the box for systems that are truly GRC tools.