5 steps to a successful GRC ServiceNow implementation
Five Steps to a Successful ServiceNow GRC Implementation
So, you’ve bought ServiceNow GRC module that Gartner ranks as with the highest ‘ability to execute’ in the Leaders quadrant for Integrated Risk Management. You’ve got a high profile project or two to implement on the platform, and you want to be sure that you plug into the power of the ServiceNow GRC platform. You’ve seen some implementation tips for ITSM but not for GRC. Here are some ServiceNow GRC tips from experience:
1. Invest a bit more in adopting the GRC module philosophy for the first project.
It’s highly integrated and automated and different from the ITSM module that you might be familiar with. Don’t let the tactical project goals defeat the power of the ServiceNow platform by shortcutting the “out-of-the-box” automation provided in the GRC module. Don’t let tactical decisions incur technical debt that will make scaling and downstream projects difficult.
2. Consider adopting SN workflows in full or partially.
Rather than imposing your current process unmodified into the ServiceNow GRC workflows, take a look at the workflow example presented in the SOX Content Pack as a basis for how it may work in your organization (even if SOX is not relevant for you, it is a good workflow example).
3. Seek advice
Seek advice from those who have successfully implemented the GRC module before through the ServiceNow GRC community board, SNUG, specialty GRC Service Partners, and the ServiceNow GRC teams. A few hours of advice and counsel on the first project can save you hours of time and expense out of the gate and going forward. Seek advice from a Service Partner specializing in GRC and SecOps who has managed multiple customer implementations to speed adoption and effectiveness of your particular systems.
4. Set a series of small achievable goals that you can build upon.
Scoping to achieve the initial goals is an important factor to establish workflows and momentum in the initial steps of implementation, and coordinating the participation of the multiple groups is essential.
5. Pay attention to the user experience.
Pay attention to the user experience for all those that will participate in the GRC workflow, as adoption by users can be a key factor in success versus resistance. ServiceNow provides several tools to craft an effective user experience for various audiences, including Virtual Agent, Service Portal development, Guided Tour, and Roles. Accommodating their usability requirements and providing usage training and guidance is important to success.
SHAW Data Security is an official ServiceNow Services Partner specializing in GRC, Integrated Risk, and Security Operations. SHAW Data Security offers ServiceNow Advisory Services, Implementation/Development Services, and Managed Services for ServiceNow GRC and SecOps customers, based on years of experience managing budget, operations, information security, and compliance in the financial services, healthcare, media, public and technology industries.
