Define and Apply Risk Scope for IT Compliance
Define the categories of IT assets, business units, and vendors your team uses to scope risks, and then associate the right scope to each risk record so its impact is grounded in real-world context.
Required Editions
| Available in: Lightning Experience |
| Available in: Enterprise, Performance, and Unlimited Editions with Agentforce IT Service. |
| User Permissions Needed | |
|---|---|
| To define risk scope types and apply risk scopes: | Compliance Admin permission set |
Create a Risk Scope Type
A Risk Scope Type record represents a broad category used to define what a risk applies to, such as Cloud Region, Business Unit, Configuration Item, or Vendor.
- From App Launcher, go to the IT Compliance app and select Risk Scope Type.
- Click New and enter a name and description that describe the category clearly.
- Save your changes.
The categories most teams define for IT compliance risks include:
- Cloud Region. For risks tied to specific data centers or cloud regions, like AWS US-East-1 or Azure East US.
- Business Unit. For risks scoped to organizational units, like North America Sales or EMEA Engineering.
- Configuration Item. For risks that apply to specific servers, databases, or applications in your CMDB.
- Vendor. For risks introduced by third parties, like SaaS providers, outsourced services, or hardware suppliers.
- Physical Office. For risks tied to a particular site, like an HQ in San Francisco or a development center in Bangalore.
Apply a Risk Scope to a Risk
When a risk scope type is applied to an individual risk, a Risk Scope record is created: the specific instance linked to that individual risk record. To maintain a consistent risk register, define your scope types upfront, and apply specific scopes to risks as they are registered.
- Go to the risk record you want to scope.
- On the Related tab, click Add Risk Scope.
- Select the risk scope to apply, and then save your changes.
Suppose your compliance team has registered a Phishing Attack risk for the North America Sales business unit and now wants to record exactly which part of the IT environment the risk applies to. They apply two risk scopes to the risk record:
- Risk Scope Type: Business Unit. Risk Scope: North America Sales.
- Risk Scope Type: Configuration Item. Risk Scope: Salesforce Sales Cloud (the tenant used by North America Sales).
Together these tell your team exactly what this phishing risk applies to: the Sales Cloud tenant used by North America Sales, not other regions, products, or business units.

