NC State began its quest to implement ServiceNow's GRC module during the summer of 2019. We started with a single control and an attestation for all department heads to complete. That just made us hungry for more. This presentation will review what we've accomplished so far and show the multi-year project implementation schedule we have to grow GRC across campus.
We're now looking at taming the beast by implementing IT exceptions, leveraging UCF for control import, managing compliance with HIPAA, ISO 27002, NIST 800-171/CMMC, university policies/regulations/rules through a combination of managing control requirements with business risk management. The long-term goal is to expand use to areas outside of IT such as compliance officials and enterprise risk management functions across campus.