Platform Automation Framework

Change Governance

A scoped ServiceNow application designed to enforce structured change approvals using automated risk scoring, state transition controls, and governance workflows.

Business Problem

Organizations often approve operational changes without consistent risk evaluation or structured approval paths. This creates exposure across compliance, security, operational stability, and financial oversight.

Without automation, governance relies on manual review and inconsistent policy enforcement.

Solution

The Platform Automation Framework Change Governance module automates the evaluation and approval of change requests by:

  •  Structuring risk assessments across compliance, security, operations, and finance
  •  Calculating an automated risk score from multiple assessment inputs
  •  Enforcing state transition rules to prevent unauthorized workflow progression
  •  Dynamically triggering approval workflows based on calculated risk levels

Architecture

The application uses a normalized parent-child data model.

Risk assessments are stored as child records and aggregated through a Script Include that calculates risk levels dynamically. Business Rules enforce valid workflow transitions while Flow Designer manages downstream approvals.

 

User changes State to "Submitted"
│
▼
Clicks Save
│
▼
────────────────────────────────────
Business Rule 1 (Before Update)
"Enforce State Transitions"
────────────────────────────────────
│
├─ Does state change?
│   │
│   ├─ No → Stop
│   └─ Yes
│
├─ Call Script Include:
│   isValidTransition(prev, next)
│
├─ Valid?
│   │
│   ├─ No → addErrorMessage()
│   │        setAbortAction(true)
│   │        Save blocked
│   │
│   └─ Yes → Continue
│
▼
────────────────────────────────────
Business Rule 2 (Before Update)
"Update Risk Rollup"
────────────────────────────────────
│
├─ Is new state = Submitted?
│   │
│   ├─ No → Stop
│   └─ Yes
│
├─ Call Script Include:
│   calculateRisk(sys_id)
│
├─ Script Include:
│   ├─ Query Risk Assessments
│   ├─ Aggregate scores
│   ├─ Determine max score
│   ├─ Map score → risk level (1–4)
│   └─ Return object
│
├─ BR updates:
│   ├─ current.risk_level
│   ├─ current.risk_score_rollup (optional)
│   └─ current.work_notes
│
▼
Record Saved to Database
│
▼
Flow Designer (if configured)
│
├─ If risk_level = Critical
│   └─ Trigger approval
│
▼
User sees updated record
Automated Risk Scoring

Aggregates multiple risk assessments and derives a governance-level risk rating.

State Transition Enforcement

Prevents unauthorized workflow progression using server-side validation.

Structured Risk Categories

Evaluates changes across four governance domains:

  • Compliance
  • Security
  • Operations
  • Financial
Approval Automation

Triggers conditional approval workflows when risk thresholds are exceeded.

Technical Implementation

Built using ServiceNow platform components, including:

  • Scoped Application Development
  • Custom Data Modeling
  • Script Includes (GlideRecord aggregation)
  • Server-side Business Rules
  • Client Scripts and UI Policies
  • Flow Designer approval workflows

Code Highlight

Change Governance Business Rule

var util = new PAF_ChangeGovernanceUtils();

var riskData = util.calculateRisk(current.sys_id);

current.risk_level = riskData.riskLevel;

Skills Demonstrated

  • ServiceNow Application Development
  • Workflow Automation
  • Data Modeling & Table Relationships
  • Server-Side Scripting (GlideRecord)
  • Platform Governance Design
  • Enterprise Change Management Concepts

This project demonstrates how governance policies can be embedded directly into platform workflows to ensure operational changes are evaluated consistently and transparently.