Please use docs.servicenow.com for the latest documentation.

This site is for reference purposes only and may not be accurate for the latest ServiceNow version

Compliance

From Wiki Archive
Jump to: navigation, search


Overview

Compliance is a tool set that enables administrators to certify ServiceNow data for correctness and fix any discrepancies found in the data. Compliance offers these certification options to suit your organization's size and requirements:

  • Desired State: Automatically compares the actual attributes and relationships of specific ServiceNow records against the desired states for those records. For example, an audit can detect a Linux database server with insufficient RAM or whose Depends on relationships with another CI is incorrect. The system then publishes any discrepancies found and automatically assigns follow-on tasks to qualified users to bring that server into compliance.
  • Architecture Compliance: Automatically compares the actual attributes of specific CIs, such as CPU count, RAM, or disk size against the expected attributes for those CIs. The system publishes any discrepancies found and automatically assigns remediation tasks to qualified users.

Compliance is available starting with the Dublin release.

Compliance Templates and Audits

The Templates and Audits modules on the top level of the Compliance menu enable a certification_admin user to create, edit, and delete all template and audit types. You can use compliance templates and audits to evaluate records for any table in ServiceNow, not just those extending the Configuration Item [cmdb_ci] table. Compliance audits certify record attributes only. Compliance templates can be used in control test definitions in Governance, Risk, and Compliance.

Architecture Compliance

Architecture compliance performs scheduled or on-demand audits of configuration management database (CMDB) data to determine which configuration items (CI) match the expected attributes. The compliance process checks servers to ensure that their resources, such as CPU speed or memory, comply with standards set by your organization. Audit reports show any discrepancies in the attributes of the target CIs, and ServiceNow automatically assigns follow-on tasks to qualified users who can remediate those discrepancies.

Desired State

Desired state performs scheduled or on-demand audits of CMDB data to determine which records match the expected attributes, CI relationships, and relationships to other records in the system. For example, desired state can determine if a computer has a license for a particular software program. The compliance process checks configuration items (CI) to ensure that their attributes and relationships comply with standards set by your organization. Audit results show any discrepancies in a record's desired state, and ServiceNow automatically assigns follow-on tasks to qualified users who can remediate those discrepancies.

Menus and Modules

Users with the certification_admin or admin role can access the Compliance menu. Users with the certification role can access their follow-on tasks only.

Compliance menus and modules
  • Overview: View an overview page summarizing current audit states, outstanding certification tasks, and discrepancy counts.
  • Filters: Create, edit, and delete active certification filters.
  • Templates: Create, edit, and delete certification templates for all audit types for ServiceNow tables. Use this link to create and manage templates whose audit type is Compliance. Templates of this type are used to audit records from tables other than Configuration Item [cmdb_ci].
  • Audits: Create, edit, and delete certification audits. All audits in the system are visible from this module. If you create a new audit from this module, ServiceNow gives it the Compliance audit type.
  • My Follow On Tasks: View all certification follow-on tasks assigned to you in this module.

Desired State

Architecture Compliance

  • Overview: View an overview page summarizing upcoming audits, outstanding follow-on tasks, and the most common discrepancy types.
  • Templates: Create, edit, and delete active architecture compliance certification templates.
  • Audits: Create, edit, and delete architecture compliance certification audits.
  • Audit Results: View architecture compliance results grouped by audit.
  • Follow On Tasks: View and complete certification follow-on tasks generated by an architecture compliance audit.

Scripted Audits

Activating Compliance

Compliance functionality is provided by the Certification Core plugin which is used by the following applications. Certification Core cannot be activated by itself, but is activated automatically when either of the first two applications is activated:

Enhancements

Eureka

  • You can add an attribute to the ServiceNow system dictionary that defines the desired state for a specific field for individual classes of CIs, such as Linux or Windows servers. Additional condition operators in certification templates enable you to compare actual values with desired state values in audits. Desired states for specific fields is available for all compliance types except scripted audits.
  • You can define threshold and stability for audit results on a desired state field. This allows you to audit the audit results and determine the stability of a CI based on how often it falls out of compliance in a specified health window.
  • Two additional reports track exceeded thresholds and unstable CIs resulting from desired state audits.