Privacy and Privacy Management is not new in San Diego, but the elements of the broader solution are now, with San Diego at a stage where we see potential and direction. A single solution where primarily data and processes are combined and privacy is managed with data in focus, in contrast to the common approach of having focus in the information processing systems. Historically we have seen that Privacy has been managed on the Business application level, and the transparency on and between information objects, classifications and logical connections (data, data processing systems and the dependent processes) has been missing altogether.
Some of the interesting aspects are aligned with the overall tendencies and directions for the platform:
- Leverage data as an object
- Separate data, process and processing systems
- Split up and reallocate impact assessment to more appropriate objects and owners (process ad data)
- Aligned with tendencies within master data governance
- The connection between Data, Business Application and Processes
The Privacy Management solution is maturing and some of the initial child diseases have been remediated. So this solution, still not perfect, is aiming at combining this, providing structure allowing for transparency, and providing a different take on impact assessment and systems categorization for control applicability. There I still too little connection and thus the benefit of specifications and details from the CMDB, relations, and Service mapping.
Why do this
Transparency, efficiency, consistency, and appropriate ownership and assignment are the primary benefits of making this transition.
Better overview of data flows and disbursement – easier to comply with relevant privacy legislation e.g. GDPR.
Optimization and consistency in minimizing effort in impact assessments on data, such that data processed in multiple applications
- are only impact assessed once,
- by a person who has more in-depth knowledge of the importance and value of the data,
- that the impact to the data is the same (consistent) regardless of the application in which it is processed.
Policy Authoring & redlining
With the Rome release, we were introduced to the Compliance Workspace, which was a great enhancement regarding policy- and compliance process work.
With the San Diego release, ServiceNow took an even further step and now introduces a new feature for policy life-cycle management called Policy Authoring & Redlining, where it is now possible to collaborate across the enterprise using O365. It is intended to improve the overall policy authoring and redlining experience by enabling policy owners, collaborators, reviewers, and approvers to collaborate using Microsoft OneDrive and ServiceNow Compliance Workspace.
From the workspace policy owners will have more flexibility when drafting new policies:
- Create a new policy in ServiceNow and connect it to a OneDrive folder to allow the policy to be edited in ServiceNow and OneDrive
- Pull an existing policy into ServiceNow from a OneDrive folder
Whether a policy was drafted in ServiceNow and pushed out to OneDrive, or an existing policy was pulled into OneDrive, the owner will know all updates are tracked in both locations when the sync toggle is turned on in the Workspace.
This new feature is a great example of how ServiceNow intelligently strengthens what the platform is good at; being the underlying workflow engine that combines process activities. This enhancement thereby fixes what needs to be fixed: policy management workflows & transparency while also acknowledging non-classical ServiceNow users’ ways of working.
The tendency is to appeal to non-classical users, by improving UI and allowing users to contribute using a UI that is recognizable, which is quite interesting. It could potentially be an enabler for getting data in, while also engaging a broader user base to assist with maintaining updated policies and avoid audit- and compliance risks.
The workspaces have been around for quite some time now and they came to IRM space in the Rome release. In the ServiceNow San Diego release, the workspaces were put together with the visual design called Polaris UI to bring together all platform apps into one experience.
If you are not yet familiar with workspaces, they are part of a New Now Experience UI Framework that is being introduced across all platform applications, such as IT Service Management, Customer Service Management or Security Operations. It is a new visual design that improves the look, feel, and usability of the applications.
In the IRM, we have quite a lot of workspaces for different personas. There is a workspace for Risk, Privacy, Compliance (including Regulatory Change), Audit, Vendor Risk Management, and Risk Assessments.
Let’s not go through the workspaces one by one but focus on the usability.
The workspaces are part of all IRM entitlements but they are not part of legacy GRC or ITSA licenses. It means that the new customers are entitled to use the workspaces and the existing customers with legacy licensing models need to migrate to the new IRM licensing model to leverage this new persona-based experience.
If you are a new ServiceNow IRM customer or you are using the IRM without any customizations, the workspaces will work great for you. However, if your IRM application is already customized and you have implemented new processes, it might take some time to configure the workspaces to your liking and to fit your needs.
Overall, the workspaces are a great feature of ServiceNow IRM applications and can be leveraged in addition to standard UI.
Don’t hesitate to contact us to receive the most actual information regarding ServiceNow and its products. Feel free to reach out in case you are interested in a demo or professional services.