New features in ServiceNow IRM for Quebec release

ServiceNow is responding to the customer’s need for additional functionalities and integrations, releasing functionalities for IRM each month. 

In this article, we would like to summarize and highlight the key functionalities released in the past months by ServiceNow store releases that are now available in Quebec.

Operational Resilience Management

One of the major new additions is the introduction of the Operational Resilience Management, demonstrating that ServiceNow goes beyond the IT risk and is truly an enterprise risk management platform.

In today’s environment organizations are facing increasing operational risk due to the COVID-19 pandemic and continued economic, geopolitical, and climate change-driven disruption, resilience is on top of mind for business leaders. They need a single view to keep an eye on critical services across the enterprise to stay resilient. The ability to effectively communicate with employees and the crisis team is key.

There is usually a variety of tools and departments where data is collected to help identify risks, issues, and events. However, a single integrated view on the data is often missing for the organization to see the big picture and be able to effectively respond to a disruption. 

ServiceNow Operational resilience management allows organizations to anticipate, prevent, respond and adapt to adverse events. It helps organizations tackle this objective at a practical level with specific dashboards for monitoring and maintaining key resilience pillars: technology (including cybersecurity), facilities, people, and suppliers. 

With Operational Resilience Management, each role sees a dashboard with relevant critical services, risks, controls, and issues that help them to overcome the gaps, delays, and overhead due to typical organizational and data silos. Using a new role-based dashboard, critical notifications are available to employees via multiple channels, collaboration with the crisis team is made easier, and the details of the recovery are adequately tracked.

Image 1: Operational Resilience Dashboard. Image source: ServiceNow.

Continuous Authorization and Monitoring

Digital transformation isn’t just a ‘buzz’ word within the private sector. Digital transformation is also occurring in the public sector including government critical infrastructure increasing the attack surface that can be exploited by cyber-criminals and attackers.

Addressing security risk is a common challenge for almost every organization. Poor security measures lead to breaches, loss of data, reputation and customers.  For the government, this could mean the compromise of classified information that could put our people or nation at risk. 

The ServiceNow Continuous Authorization and Monitoring application is designed to address the requirements of NIST RMF and other risk frameworks such as NIST CSF, GSA, DHS, FedRAMP, TIC, and ISO 31000. Continuous Authorization and Monitoring automates painful processes, enables risk-informed security decisions with better visibility and improves the accuracy and timeliness of information resulting in a faster response time.

Key features of Continuous Authorization and Monitoring

• Continuously monitor the state of compliance and authorization of your programs and missions to identify compliance violations or emerging risks using key indicators.
• Identify assets in real-time or manage assets manually with deep integration to CMDB to help assess business impact.
• Assign baseline controls automatically based on categorization and easily inherit common controls
• Automatically generate a system security plan based on customizable self-populating templates with up-to-date data.

Image 2: Continuous Authorization and Monitoring Authorization package lifecycle. Image source: ServiceNow.

Regulatory Change Management

In today’s complex regulatory landscape, organizations are constantly on their toes keeping pace with new and changed regulations and the constant risk of non-compliance. 

Regulatory Change Management solution enables organizations to proactively manage regulatory changes to keep pace with today’s ever-changing regulatory environment with constantly expanding obligations. ServiceNow provides out-of-the-box integration Thomson Reuters Regulatory Intelligence and source regulatory content from public RSS feeds. Other regulatory intelligence providers are actively working to provide additional integrations.

The Regulatory Change Management solution provides role-based visibility into the regulatory landscape for managers, including events, tasks, and due dates. Configurable reports, notifications and alerts increase the transparency of regulatory compliance across the organization and especially with leadership.

Image 3: Regulatory Change Management Dashboard. Image source: ServiceNow.

News in Issue Management

Introduction of Issue triage

One of the main improvements for Issue Management is the introduction of issue triage and management workflow. 

Service Portal is a single entry point for end-users to report a compliance or risk issue. Based on various questions, issue triage then helps to identify the issue source, the actual problem so that the issue can be identified as a compliance issue or a risk event and assigned to the appropriate owner for prioritization and resolution.

Issues grouping and remediation using AI/ML

The new enhancements were done in issue grouping and remediation using ServiceNow artificial intelligence and machine learning.ServiceNow can now suggest grouping similar issues using AI/ML. It analyzes similar issues and predicts the correct issue group for the current issue or creates a new group for similar issues. 

This improvement reduces the time spent in finding similar issues to be grouped leading to faster resolution.

The second part can predict remediation tasks using AI/ML that might apply to the current issue. The user will have an option to view or copy the task. This also reduces the time spent while working on remediation tasks.

Image 4: Issue remediation – predicting remediation tasks using AI/ML. Image source: ServiceNow.

Policy acknowledgment scheduling

Policy acknowledgment management also received several useful features that make the process more user friendly and easier to manage:

• You can now set up frequency for acknowledgment campaigns per policy
• Ability to schedule acknowledgment campaigns automatically based on the frequency
• Ability to send out acknowledgment tasks to newly added users to the audience for an ongoing campaign
• Due date extension for newly added users to the campaign was introduced
• Ability to cancel acknowledgment tasks for users removed from the audience for an ongoing campaign
• ServiceNow provides a warning when the policy is retired that the associated campaign will be canceled

Business Continuity Management enhancements

Last but not least, there were several improvements in ServiceNow Business Continuity Management. Following are the highlights for Quebec:

• Ability to track assets based on threat feeds and visualize threat radius on a geographical map – send messages/plans from map visualization
• You can analyze the impact of assets to determine RTO and data backup frequency
• Enables active plans based on impact – track and analyze recovery proceedings
• Enables Correct Business Continuity strategy and continuity/recovery plans based on exercises

Image 5: Business Continuity Management Disaster Recovery Plan. Image source: ServiceNow.

Closing notes

Quebec release is packed with a lot of new applications and enhancements to help you drive the digital transformation of IRM. If you are interested in a demo for any of the functionalities or support with your ServiceNow IRM, please don’t hesitate to contact us. 

Store vs Family release

What is the difference between store releases and family releases and how the IRM area is leveraging this?

Traditionally, ServiceNow provides new functionalities only with a major family release such as Orlando, Paris or Quebec. However, in the IRM area, things are changing too rapidly and ServiceNow wants to be able to provide new functionality at a more rapid pace. That’s why new functionality for IRM is released in the store releases that are coming out every month and many of these are backward compatible with the traditional family releases.

Complete list of all new features for Quebec Release by month:

October – December

• Operational Resilience Management
• Continuous Authorization and Monitoring (for NIST RMF)
• Advanced Core: issue triage and issue grouping and remediation using AI/ML. Evidence requests from 1st and 2nd line
• Advanced Risk Assessment Engine Enhancements; Application and Project risk assessments; Persona-based dashboards
• Vendor Risk Management: external monitoring framework, guided experience, issue risk factoring
• Cybersecurity Control Accelerator (for CIS)
• Advanced Audit integrates with PPM for new Resource & Cost tabs
• Regulatory Change Management with Thomson Reuters Integration for Regulatory Intelligence

January – March

• Technology Controls Accelerator updates:
  • Automated/scripted indicator templates
  • Status and issue reports
• Advanced Audit integrates with PPM for timesheets tab
• Schedule policy acknowledgments
• Regulatory Change Management (RCM):
  • Subscribe to RSS feeds
  • View potentially impacted policy and risk statements
  • View all regulatory events that are part of the same series
  • Create and track issues from within RCM
• Business Continuity Management enhancements: 
  • Analyze the impact of assets to determine RTO and data backup frequency
  • Activate plans based on impact – track and analyze recovery proceedings
  • Correct BC strategy and continuity/recovery plans based on exercises

Disclaimer: Information and screenshots used in this article are coming from official ServiceNow documentation released for the Quebec upgrade.

Do you have any questions? Don’t hesitate to contact us!