applications / Compliance+
[ ServiceNow scoped app ] x_krn_comp

Compliance+

Self-service compliance portal for waivers, exemptions, privileged access, and training and certification tracking.

Compliance is scored per user, per asset, and per group, with close attention to expiry.

// spec compliance+
abbrev Comp+
scope x_krn_comp
instance path /comp
status ServiceNow scoped app
// what Compliance+ does

What Compliance+ does.

Request and Review

Users submit waivers, exemptions, privileged-access requests, and training submissions; reviewers move them through a multi-stage approval chain. Reviewer personas such as ISO, ISSM, PSO, ACIO, and CIO can read the underlying policy documents because their roles nest the Document+ user role.

Expiry Tracking

An Expiring Soon matrix buckets trainings, user and system waivers, exemptions, and privileged access by time window, from one day out to ninety, so lapses are visible before they happen.

Scored Posture

Compliance is rolled up per user, per asset, and per group. The portal owns the RMF risk assets and commitments that DMM and Audit+ consume, tying workforce compliance to the systems it protects.

Compliance+ is the workforce and system compliance portal. Users file waivers, exemptions, privileged-access requests, and training or certificate submissions; reviewers approve or reject them; and managers track posture across assets, groups, and people. A personal dashboard shows each user’s compliance percentage, items awaiting their action, and an Expiring Soon matrix that buckets every obligation by how soon it lapses.

Requests run a deep review chain. A waiver moves through a PGS, ACIO, PSO or ISSM, D&O, PolicyPOC, and CIO sequence, spawning a task at each stage. Reviewers can open the policy that a request is filed against because their Compliance+ roles contain the Document+ user role, so the review and the document of record stay connected.

Compliance+ owns the RMF risk assets and the compliance commitments that the rest of the suite reads. DMM plans and Audit+ findings reference those assets and commitments rather than defining their own, which makes Compliance+ the source of record for what systems are in scope and what obligations apply to them.

// other applications
← All applications