- My View
They are parts/products of your engagements
I know they are products. I do not know where to find them in the Vendor Risk Management module.
Issues and tasks are created on-demand before the assessment is closed, usually during the Generating Observations state. The vendor risk analyst and the vendor work together to achieve closure on non-compliance.
Remediating an issue marks an intention to fix the underlying issue causing the control failure or risk exposure. Accepting an issue marks an intention to create an exception for a known control failure or risk. Controls that are Accepted remain in a non-compliant state until the control is reassessed. In this way, the issue can be used to document observations during audits.
In ServiceNow I did not see a module called "PCI." Trying to build questionnaires and view assessments. When I navigate to view "all assessments", I receive an error "execute operation on script include 'SysRelatedList' from scope 'GRC:Vendor Risk Management" was denied. The application 'BRC:VEndor Risk Management' must declare a cross scope access privilege."
Initially I was seeing that this was a scoped application--that message seems to have gone away. I was already in the GRC: Vendor Risk Management application .
I understand the concept of remediation, but I am not seeing how to get to it in the GRC application..
Vendor RM is licensed and activated separately
One instance is Dev (which our rep said we did not need a license), and the other is on a personal instance.
I already installed Vendor Risk Management and activated it.