Well produced, built out, mature. Great add-on to ServiceNow
September 15, 2020

Well produced, built out, mature. Great add-on to ServiceNow

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Software Version

IRM Professional

Overall Satisfaction with ServiceNow Governance, Risk, and Compliance

I was on the team that implemented this at my former company and we are implementing this at my current company. On the security and risk teams, it is an absolute must to have a simple, repeatable way of mapping, tracking, and resolving security and risk issues. This is extremely valuable for us when we have our audits and need to provide evidence that we are adhering to what we say we do. ServiceNow GRC is very scalable and customizable which helped us meet both industry-standards and internal classification requirements in our organization.
  • Finding reported by the auditor. GRC helps us identify, assign, and track the resolution of this.
  • Exception to information security policy. These require quarterly reviews and setting up reminders to revisit these.
  • Building out new projects and baking security and compliance into the project and tracking it in GRC to ensure we deliver a compliant product on day one
  • Like all ServiceNow, there is a learning curve, but with custom forms, this is easier that it was 5 years ago.
  • Mostly cultural change. If teams aren't aware of the new implementation of GRC and they get a request to answer questions, it can be confusing. This is cultural and not a con against the product.
RiskVision was difficult to use, only worked in certain browsers and was an external system of what we used for other things. We had ServiceNow for a while and using the ServiceNow GRC was much better than some external tool that wasn't great for us.
ServiceNow support is great. Very responsive and helpful.
Some learning curve, but it comes up

Do you think ServiceNow Governance, Risk, and Compliance delivers good value for the price?

Yes

Are you happy with ServiceNow Governance, Risk, and Compliance's feature set?

Yes

Did ServiceNow Governance, Risk, and Compliance live up to sales and marketing promises?

Yes

Did implementation of ServiceNow Governance, Risk, and Compliance go as expected?

Yes

Would you buy ServiceNow Governance, Risk, and Compliance again?

Yes

When we build a new project, we require that baseline security settings are met. Things like strong password, password expiration, MFA, etc. GRC, you can upload evidence that you are following this and a security team member or PM can view the evidence and see that (at a point in time) it was compliant.

ServiceNow Governance, Risk, and Compliance Feature Ratings

Common repository of GRC items
8
Risk management
7
Integration with Corporate Performance Management (CPM) systems
8
GRC policy management
8
Incident management
5