Introduction
Imagine you're the Risk Manager of a multinational company. Your job is to ensure that IT systems, business processes, and vendors comply with regulations and are safe from potential risks. But how do you organize and track everything in one place?
That’s where Entities in ServiceNow Integrated Risk Management (IRM) come into play.
In this blog, we’ll explore how Entity Classes, Types, Filters, and Relationships help you build a structured risk management system.
1. What is an Entity in ServiceNow IRM?
An Entity represents anything your organization needs to assess for risks, compliance, and audits. This could be an IT system, a vendor, a department, or a process.
Real-Life Examples of Entities
- A data center that requires a cybersecurity risk assessment.
- A Finance department that needs compliance checks.
- A third-party vendor that must meet regulatory standards.
Each entity can be classified, filtered, and connected to risks, policies, and controls to ensure smooth risk management.
2. Entity Classes: The Big Categories
Entity Classes are the top-level categories under which entities are grouped.
Common Entity Classes in ServiceNow IRM
Entity Class | What It Represents |
---|---|
Business Process | Payroll, Procurement, HR Process |
Business Unit | Finance, IT, HR, Sales |
Facilities | Office, Data Center, Warehouse |
IT Services | Cloud Storage, CRM System |
Vendor | Cloud Provider, Logistics Partner |
Legal Entity | Subsidiary, Regional Office |
Why Do Entity Classes Matter?
- They help categorize entities for better organization.
- They define specific risk assessment structures.
- They allow for customized policies and controls.
3. Entity Types: Adding More Specificity
Within each Entity Class, there are Entity Types that further categorize entities.
Example of Entity Classes vs. Types
Entity Class | Entity Type |
---|---|
Business Process | Payroll, Procurement, Inventory Management |
Business Unit | Finance, HR, IT, Sales |
IT Services | Cloud Storage, On-Prem Database, CRM System |
Vendor | Cloud Provider, IT Vendor, Logistics Partner |
How Does It Help?
- Enables granular classification of entities.
- Helps apply custom risk assessments based on type.
- Improves filtering and reporting in dashboards.
4. Entity Filters: Finding the Right Data
Entity Filters allow you to search and organize entities based on specific criteria.
Examples of Entity Filters
- Filter by Business Unit → Show only entities belonging to the "Finance" department.
- Filter by Risk Level → Show only entities classified as "High Risk."
- Filter by Compliance Status → Show all "Non-Compliant" entities.
- Filter by Ownership → Show entities assigned to a specific user or group.
Where Do We Use Entity Filters?
- Risk Assessments – Find entities needing immediate evaluation.
- Dashboards – Display only relevant entities.
- Reports – Generate compliance and risk status reports.
5. Entity Relationships: Connecting the Dots
Common Relationships
Entity | Connected To | Purpose |
---|---|---|
Data Center | IT Services | Manage IT risks for infrastructure |
Payroll Process | Compliance Framework | Ensure policies are followed |
Cloud Provider | Vendor Risk | Assess third-party risks |
Example of an Entity Relationship
- A Cloud Storage Service (Entity) is linked to a Vendor (Cloud Provider) because the vendor manages the cloud infrastructure.
- The Cloud Storage Service is also linked to a Security Policy that defines encryption requirements.
- If a risk is identified in the Cloud Provider, it automatically affects the Cloud Storage Service and all linked systems.
How Do Entity Relationships Help?
- Ensures comprehensive risk visibility.
- Helps track dependencies between departments, vendors, and IT assets.
- Enables automated risk scoring and policy enforcement.
6. Bringing It All Together: A Practical Example
Scenario: IT Security Risk Management
Imagine you are responsible for managing IT security risks in your company. Here’s how entities help:
- Entity Class → IT Services
- Entity Type → Cloud Storage System
- Filters Applied → "High Risk" and "Owned by Security Team"
- Entity Relationship → Linked to "Data Protection Policy" and "Vendor Risk Assessment"
Now, you can easily assess security risks, monitor compliance, and generate reports on IT risks in seconds!
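The scenario above, together with the risk propagation described in section 5, can be sketched as a small stand-alone model. This is an added example, not ServiceNow code or its scoring logic: the field names, the "CRM System depends on Cloud Storage Service" link, the sample risk levels, and the "inherit the highest upstream risk" rule are all assumptions made for illustration.

```javascript
// Constructed sample entities; field names (cls, type, risk, owner) are hypothetical.
const entities = [
  { name: "Cloud Provider", cls: "Vendor", type: "Cloud Provider", risk: "High", owner: "Vendor Management" },
  { name: "Cloud Storage Service", cls: "IT Services", type: "Cloud Storage", risk: "Low", owner: "Security Team" },
  { name: "CRM System", cls: "IT Services", type: "CRM System", risk: "Low", owner: "Security Team" },
  { name: "Payroll Process", cls: "Business Process", type: "Payroll", risk: "Moderate", owner: "Finance" },
];
// Constructed relationships: [dependent entity, entity it relies on].
const dependsOn = [
  ["Cloud Storage Service", "Cloud Provider"],
  ["CRM System", "Cloud Storage Service"],
];
const LEVELS = ["Low", "Moderate", "High"];

// Entity filter: keep entities whose fields match every criterion.
function filterEntities(list, criteria) {
  return list.filter(e => Object.entries(criteria).every(([k, v]) => e[k] === v));
}

// Relationship roll-up: an entity's effective risk is the highest level found
// on itself or on anything it depends on, directly or transitively.
function effectiveRisk(list, links) {
  const byName = new Map(list.map(e => [e.name, e]));
  const upstream = new Map(list.map(e => [e.name, []]));
  for (const [dependent, provider] of links) upstream.get(dependent).push(provider);

  const resolve = (name, seen) => {
    if (seen.has(name)) return 0; // already counted on this walk (also guards cycles)
    seen.add(name);
    let level = LEVELS.indexOf(byName.get(name).risk);
    for (const p of upstream.get(name)) level = Math.max(level, resolve(p, seen));
    return level;
  };
  return list.map(e => ({ ...e, effective: LEVELS[resolve(e.name, new Set())] }));
}

// Scenario: IT Services entities that are "High Risk" and owned by the Security Team,
// evaluated after the vendor's risk has flowed through the relationships.
function highRiskForSecurityTeam() {
  const scored = effectiveRisk(entities, dependsOn).map(e => ({ ...e, risk: e.effective }));
  return filterEntities(scored, { cls: "IT Services", risk: "High", owner: "Security Team" })
    .map(e => e.name);
}

console.log(highRiskForSecurityTeam());
```

Filtering the raw records for "High" IT Services returns nothing, because both services are rated Low on their own; they only surface once the vendor's rating is rolled up through the relationships.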
Conclusion
Entities are the building blocks of risk management in ServiceNow IRM. By understanding: ✅ Entity Classes (big categories) ✅ Entity Types (specific subcategories) ✅ Entity Filters (finding the right data) ✅ Entity Relationships (connecting everything)