ServiceNow IT Governance, Risk and Compliance

ServiceNow IT Governance, Risk and Compliance by ServiceNow Inc.

ServiceNow IT Governance, Risk and Compliance (IT GRC) automates the business-critical process of measuring and managing adherence to legislative policies, such as Sarbanes-Oxley (SOX), and industry ITIL frameworks like Control Objectives for Information and Related Technology (COBIT).


  • Automatically collect information from service management processes in ServiceNow as evidence of compliance
  • Validate information in the ServiceNow Configuration Management Database (CMDB) using data certification
  • Manage publishing and version control of policies using document and knowledge management capabilities built into ServiceNow
  • Report assessment results and remediation activities through ServiceNow dashboards – the same ones used for service automation
  • Establish a set process for validating controls and control tests using audit definitions
  • Reduce the time and effort required to gather compliance evidence by automating defined collections on a scheduled basis
  • Prepare for audits by organizing and assigning tasks that need to be performed before and during an audit
  • Ensure continued compliance by enforcing policies and directives with controls and control tests
  • Respond to control test failures and audit observations as they happen by automatically creating remediation tasks