Organizations need to ensure continuity in serving customers, delivering products and services, and protecting their workforce in the face of adverse operational events by anticipating, preventing, recovering, and adapting to potential disruptions.
The ServiceNow® Operational Resilience Management application enables organizations to anticipate and plan for adverse operational events. Business unit heads can leverage this application to maintain oversight and speed recovery. The application provides a 360-degree view of risk, control, and business continuity planning across functions such as facilities, people, processes, and technology along with visualization of hierarchies which provide a clear impact path in case of any failures or outages.
- Track critical services/products under high risks
- Track the compliance status around critical services
- Identify supporting technology assets, facilities, people, and suppliers
- Plan resiliency around different functions
- Track recovery from adverse events and improve your resiliency program based on learnings from the past events
- Optionally integrate with ServiceNow® GRC: Business Continuity Management or Vulnerability Response applications
- Resilience Map for visualization of hierarchies and impact tracing
- Fixes for scheduled jobs. By default, for new clients, the scheduled jobs will be inactive.
Scenario Analysis:
Organisations conducting operational resilience planning need a structured, repeatable way to assess the potential impact of adverse scenarios on their critical business services. In the current experience, analysts are required to manually answer every question for each scenario event while accounting for all scoped services and dependencies — with no guided workflow to follow. Steps open as independent tabs, causing users to lose their place, and results are limited to a flat "breached / not breached" output that offers little analytical depth.
The revamped Scenario Analysis experience addresses these gaps by introducing a guided, Playbook-style workflow that walks users through each stage of the analysis sequentially, eliminating navigational confusion. It also introduces a Statistical Modeling method that uses reference data as inputs and runs simulations through a mathematical model to produce quantified, data-driven results — such as average annual loss and probability of loss exceedance. This makes the analysis faster, more consistent, and more defensible. For organisations that prefer expert judgment over modeled outputs, the Manual SME method is retained alongside the new flow.
Security Vulnerability Remediation:
Enforces security on cross-scope data access by restricting the getRefRecord() method, providing upgrade paths and guidance for secure application usage.
The following GRC applications must be installed and active:
- Plugin - GRC: Assessment Designer (com.snc.risk_asmt)
- GRC: Profile (sn_grc)
- GRC: Common Workspace Elements (sn_grc_workspace)
- Data relationships Framework (sn_grc_rel_config)
-
GRC: Core Case Management (sn_grc_case_mgmt)
- Smart Assessment Impact Automation (sn_smart_imp_auto)
- Collaboration features for Smart Assessment (sn_smart_collab)
Permissions and roles:
- Role required to install the app: System Admin (admin)
Other Requirements:
When updating the Operational Resilience Management application, ensure that all other installed GRC applications are upgraded to the corresponding release version.