- Entity: In Governance, Risk, and Compliance, entities can be people, processes, departments, applications, or objects whose exposure must be managed.
- Control: Compliance frameworks such as SOC 2, ISO 27001, FedRAMP, etc. consist of requirements that need to be satisfied to be compliant with each framework. Controls are the measures organizations put into place to satisfy these requirements.
- Evidence: Evidence refers to the proof that an organization has implemented the necessary controls to satisfy a compliance requirement. Screenshots, policies, and CSV exports from various SaaS tools are common types of evidence submitted to auditors.
- Assessment: An assessment is a set of questions about the evidence uploaded for a control, used to validate that the evidence satisfies the control requirements. Assessments are typically assigned to the owner of a given control.

Supported Fields for GRC Entity

| Leen Model | ServiceNow |
|---|---|
| id | ✅ |
| name | ✅ |
| description | ✅ |
| type | ✅ |
| created_at | ✅ |
| updated_at | ✅ |
| vendor_attributes | ✅ |

Supported Fields for GRC Control

| Leen Model | ServiceNow |
|---|---|
| id | ✅ |
| name | ✅ |
| description | ✅ |
| control_objective | ✅ |
| type | ✅ |
| category | ✅ |
| status | ✅ |
| entity | ✅ |
| template_id | ✅ |
| created_at | ✅ |
| updated_at | ✅ |
| vendor_attributes | ✅ |

Supported Fields for GRC Evidence

| Leen Model | ServiceNow |
|---|---|
| id | ✅ |
| name | ✅ |
| description | ✅ |
| type | ✅ |
| collected_at | ✅ |
| location | ✅ |
| status | ✅ |
| control_id | ✅ |
| created_at | ✅ |
| updated_at | ✅ |
| vendor_attributes | ✅ |

Supported Fields for GRC Assessment

| Leen Model | ServiceNow |
|---|---|
| id | ✅ |
| state | ✅ |
| respondent | ✅ |
| control_id | ✅ |
| template_id | ✅ |
| template_name | ✅ |
| questions | ✅ |
| created_at | ✅ |
| updated_at | ✅ |
| vendor_attributes | ✅ |