0
22.3.2
Australia Patch 3, Australia, Zurich Patch 7, Zurich Patch 4, Zurich, Yokohama Patch 12, Yokohama Patch 9, Yokohama Patch 6, Yokohama Patch 5, Yokohama Patch 4, Yokohama Patch 2, Yokohama, Xanadu Patch 9, Xanadu Patch 8, Xanadu Patch 4, Xanadu
Standalone Application
The ServiceNow® Privacy Management application helps customers manage enterprise-wide privacy programs while staying informed about privacy risks and regulations. The application enables organizations to unify and scale data privacy governance on a single platform, embed privacy considerations into business operations, and foster a privacy-by-design culture.
The Privacy Management application provides privacy screening assessments and privacy impact assessments to discover where personal information (PI) is stored, who owns it, and how it is being used.
It also offers the following capabilities:
- Apply controls automatically based on assessment responses
- Monitor using an automated continuous control monitoring framework
- Maintain a record of all the processing activities
- Automatically identify and report issues
- Discover business processes, applications, services, and vendors that process personal data, with support for both manual and automated data discovery.
- Maintain a record of processing activities.
- Conduct Privacy Impact Assessments (PIAs) for existing and new processes, applications, and services, including portal capabilities for PIA responses.
- Proactively request PIAs for new implementations, applications, and processes directly from the Employee Center, supporting privacy-by-design principles.
- Send multiple types of PIAs to various key stakeholders for a single processing activity.
- Automatically map controls, risks, and information objects (such as email, phone, and SSN) based on PIA responses.
- Empower business users to update processing activity details.
- Assess privacy risk posture using advanced risk assessments and reports, incorporating both manual and automated factors.
- Obtain control and risk suggestions based on personal information mapped to processing activities.
- View privacy compliance posture reports based on control attestations.
- Use the Privacy Management Workspace for enhanced reporting on processing activities and control objectives.
- View reports and gain a 360-degree view of information objects, highlighting related processing activities, applied regulations, policies, and risks for each personal data record.
- Monitor and track privacy regulatory changes by integrating with Regulatory Change Management. This integration requires an IRM Professional or the IRM Enterprise license.
- New
- Configure the Personal Data Rights (PDR) external-facing form to map jurisdictions to data subject types and request types, and control whether an authorized agent can submit a request on behalf of a data subject.
- Enable key stakeholders to view and update processing activities that they own directly from GRC tasks in the Employee Center.
- Activate ready-to-use privacy content for three new authority documents, Digital Personal Data Protection Act 2023 (DPDPA), the Virginia Consumer Data Protection Act, and the Colorado Privacy Act, and adopt an updated privacy risk statement version that adds new risk statements.
- Manage Smart Assessment templates with versioning support. Create, publish, and delete template versions to support consistent assessment governance.
- Changed
- Query range ACL's:
- Consistent access control: All tables include standardized query range security ACLs. These ACLs ensure that authenticated users with appropriate read permissions can query records consistently across the platform.
- Seamless upgrade experience: New query ACL rules are installed automatically during upgrade, with no administrator action required. Automated upgrade scripts handle the transition, including detecting and processing previously customized ACLs to ensure existing processes continue without interruption.
- Post-upgrade review for customized ACLs: If the instance includes administrator-modified query range ACLs, review those records after upgrade to confirm they align with the intended access policy.
- Enabled Audit entries support for privacy and related records.
- Query range ACL's:
The following GRC applications must be installed and activated:
- GRC: Policy and Compliance Management (com.sn_compliance)
- GRC: Compliance Assessment (com.sn_comp_asmt)
- GRC: Common Workspace Elements (com.sn_grc_workspace)
- GRC: Advanced Risk (com.sn_risk_advanced)
Permissions and roles:
- Role required to install the application: System Administrator (admin)