We help build evidence collection and remediation workflows for integrated control testing, issue management and more on the Now Platform, which most IT Operations teams already use. This shared repository enables accurate and current dashboards for compliance and risk.
Our phased implementation methodology (PASS) builds on your current state and continuously matures your organization. Move away from excel sheets to a shared platform, efficiently track manual tasks at scale and automating tasks like evidence collection.
Fortune 500 companies, largest professional services firm, multiple mid size companies across industries - all rely on INRY to guide them through their ServiceNow journey.
Our PASS methodology delivers repeatable, predictable results with fast time to value from your ServiceNow investment.
We make it easy to do business with us right from initial contracting to delivering projects and post-project support.
Our delivery and governance processes eliminate surprises, and enable us to offer outcome-based pricing and assure success.
We have a demonstrated history of success in implementing GRC for Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment. We also understand how to use all parts of the ServiceNow platform - Information Technology Controls using ITSM, Change and Patch Management Controls using Change Management, Managing and Auditing IT Vulnerabilities using Vulnerability Management, Identity and Access Management (INRY app), IT Projects and Financials (ITBM).
Implement ServiceNow with best practices to maximize ROI and speed up time-to-value
Get round-the-clock assistance and support from ServiceNow experts
Plan and execute ServiceNow upgrades with minimum disruptions
Discover custom apps by INRY designed to deliver great experiences
Starting 2020, GRC is part of the ServiceNow Integrated Risk Management (IRM) suite and priced as Standard, Professional, and Enterprise.
These editions include standard capabilities like policy & compliance, risk management, exception management, and audit planning. Vendor Risk Management (also known as Third-Party Risk) and Business Continuity Management are priced separately.
Each capability of GRC is approximately three months for initial setup following by ongoing automation. For instance, policy and compliance include defining controls, entities, indicators, and assessments. Control-testing can be automated to remove the human element and can take longer depending on the organizational maturity.
GRC testing should include content validation (like control objectives, policy statements), process/workflow testing (like attest/indicators). Typically GRC requires very few configuration changes, so the focus should be more on out-of-the-box deployment with minimal configuration testing required.
