Overall Satisfaction with ServiceNow
ServiceNow was already a product being used by my company. Within Information Security, we had a need for a GRC platform. It came to our attention ServiceNow offered this. Out of the box there was very little that could be leveraged to support a robust GRC platform. However, all the functionality was there to be used after extensive configuration, etc. Some custom code was required although we tried to limit wherever possible. After approximately 8 - 10 months of designing and developing our requirements into the tool, we had a program that could be supported by a GRC tool, that was largely built in a way that would fit our needs and current processes. The only cost was the additional license. The only frustration that comes from choosing ServiceNow, is that it took several months to get what other GRC tools (e.g. Modulo, MetricStream, etc) offer out of the box. However, that comes at a much higher cost. I would recommend ServiceNow Governance, Risk and Compliance (GRC) to anyone already using ServiceNow for Service Management and has a limited security budget. The other benefit is the integration with an existing CMDB or asset inventory where ServiceNow is the record of reference.
- ServiceNow GRC is easily configurable. It does not require an extremely large team to support a decent size company.
- While out of the box it does not deliver functionality offered by other GRC competitors, it can easily be designed. And by giving you the ability to design, you can make it fit your program with relative ease.
- Cost benefit if ServiceNow is already leveraged within the environment. Deploying GRC capabilities comes at the cost of extra licenses.
- Delivering more out of the box functionality that rivals other GRC platforms. The bare bones approach may not help companies that do not have expertise or capabilities to build effective GRC processes.
- Easier way to implement workflow.
- Offering better metrics without buying add-on tools.
- It provided a polished look on our risk program that Excel and PPT could not provide.
- Made it much easier to manage hundreds of risks at any given time.
- Provided clear view of ownership of risks with risk impact, etc.
This response would have been provided in previous responses. There are pro's and con's to selecting the tool. It stacks of very nicely when you have time to develop and deploy the right processes.