IRM/GRC Segregation of Data

As a Business Unit Manager, you do not want your Risks and Control Failures to be visible by other Business Unit Managers. You want them visible only by your boss and you boss's boss.

Based on a Configuration Page, you can elect how you want you segregation to work. 

For instance, you may want to use the "Country" fields from your User record, or you may want to use roles or groups to provide access.

You will need all identified users, owners, stakeholders or groups on the IRM/GRC records to keep access to their records.

You will need all access to a record to grant access to related "downstream" records.

belasis® will help you to manage this complexity by a simple configuration that will generate the correct Before Query Business Rules for all the key IRM/GRC Tables.

Certified and available on Servicenow Store (

Regulatory Content Providers Integration

Servicenow® proposes a standard integration with the UCF (Unified Compliance Framework). We add an integration engine to allow you pulling regulatory content from many other sources within a single engine.

The UCF is great for Technology related regulatory content and for US-based sector requirements, but very poor for pure sector regulatory content (Financial Services, Telecom, Public, Pharma, Healthcare, etc...) and poor for local content (EMEA, APAC, South America, etc...).

belasis® brings to the market an integration engine that will allow you to connect - if you have an account - to multiple regulatory sources:

  • Big 4 (KPMG, EY, Deloitte, PWC)
  • BAE Systems. Wolters Kluwer, HiTrust, UCF
  • Risk Spotlight, Lisam, Enhesa, Cortellis, etc...

You will be able to build your Control Framework, correlating several regulatory sources at once, bringing each of them for their specific content values.

IRM/GRC Relationships Synchronisator

IRM/GRC needs to maintain relationshops between Entities. You do not want to maintain these twice, within the CMDB and the Organisation tables and within IRM/GRC.

The GRC Workbench is a great IRM/GRC feature. Its helps you to maintain the aggregation / roll up paths for your Entities and your Risks. But maintaining all these "upstream / downstream" relationships can soon become unscalable.

It is even more frustrating that these relationships already exist and are already maintained somewhere else:

  • in the CMDB for Technology / Processes / Information Assets relationships
  • in the Organisation tables for the Org structure (Companies, Business Units, Departments, etc...).

belasis® proposes a configurable solution to inherit automatically these existing relationships for the existing IRM/GRC Entities.

Certified and available on Servicenow Store (

Physical Security Incident Response