|
| 1 | +GRC Policy Retirement Guard with Control Objective Check |
| 2 | +Overview |
| 3 | +This Business Rule enhances data integrity and process governance within ServiceNow's GRC module. It prevents a sn_compliance_policy record from being marked with the "Retired" state if it is still associated with any active Control Objectives. The rule enforces a proper decommissioning process, ensuring that all dependent Control Objectives are either made inactive or delinked before the policy itself can be retired. |
| 4 | +Details |
| 5 | +Script Name: Prevent Retire of Policy with Active Control Objectives |
| 6 | +Target Table: sn_compliance_policy |
| 7 | +Run Time: before update |
| 8 | +Condition: State changes to Retired |
| 9 | +Action: Prevents a policy from being retired if it has active, linked Control Objectives. It displays an error message to the user and aborts the update action. |
| 10 | +Logic: |
| 11 | +Efficient Counting: Uses GlideAggregate for a highly performant query on the many-to-many (m2m) table (sn_compliance_m2m_policy_policy_statement), which links policies to control statements (in this case, acting as Control Objectives). |
| 12 | +Query Filtering: The query targets the m2m table and filters records where: |
| 13 | +The document field matches the sys_id of the policy being updated. |
| 14 | +The related content record (the Control Objective) has its active field set to true. |
| 15 | +Aborts Action: If the count of active Control Objectives is greater than zero, the script: |
| 16 | +Displays an informative error message to the user. |
| 17 | +Aborts the update process using current.setAbortAction(true), preventing the policy from being set to Retired. |
| 18 | +Business Rule Configuration |
| 19 | +To implement this functionality, configure the following settings in the Business Rule record: |
| 20 | +Name: Prevent Retire of Policy with Active Control Objectives |
| 21 | +Table: sn_compliance_policy |
| 22 | +When to run: |
| 23 | +When: before |
| 24 | +Update: checked |
| 25 | +Condition: [State] [changes to] [Retired] |
| 26 | +Advanced: checked |
| 27 | + |
| 28 | + |
| 29 | +Purpose and Benefits |
| 30 | +This Business Rule provides the following benefits to the GRC application: |
| 31 | +Process Governance: Enforces a controlled process for policy retirement, ensuring that all dependent Control Objectives are handled appropriately before the policy is decommissioned. |
| 32 | +Data Integrity: Prevents the creation of orphaned Control Objectives or inconsistencies in compliance reporting. |
| 33 | +Compliance: Ensures that compliance teams maintain an accurate and up-to-date record of active policies and their underlying Control Objectives. |
| 34 | +User Feedback: Provides immediate and clear feedback to the user, explaining why the retirement action was denied and outlining the necessary steps to proceed. |
| 35 | +Performance: Utilizes the efficient GlideAggregate method, which is best practice for performing counts on large tables. |
| 36 | +Usage |
| 37 | +This script is a core part of GRC data governance. If a user attempts to set a policy's State to Retired while active Control Objectives are still linked, they will see an error message and the update will be stopped. The user must first either inactivate or delink all related Control Objectives before attempting to retire the policy again. |
0 commit comments