ServiceNow GRC Implementation
Company – Canadian federally regulated trust company. Industry – Finance. Solutions:
- Governance, Risk, and Compliance (GRC) application suite built on the ServiceNow platform: Audit Management, Compliance UCF, Policy and Compliance Management, Risk Management, Workbench, COBIT
In a rapidly changing regulatory landscape, keeping track of hundreds, if not thousands, of requirements aligned with corresponding controls and associated risks is a complex goal. Add to the equation the typical features of a siloed organization: lack of centralized oversight and coordination, incompatible software, redundant data, gaps, and process inconsistencies. With ever-growing cyber risk and inaccurate risk assessment, running an effective GRC program without a sophisticated software solution is next to impossible. Furthermore, software on its own is not a cure-all. The constant shortage of qualified human resources, consequent high attrition, and failure to retain knowledge rounded out the organization’s challenges concerning GRC and ServiceNow.
BENEFITS ACHIEVED
- Centralized Unified Compliance Framework (UCF) repository of the rules and requirements: regulations, audit guidelines, contractual obligations, COBIT standards, and internal management policies.
- Uniform risk management provides consistency of risk assessment, scoring, and control across the organization.
- Ongoing risk monitoring makes it possible to identify and address critical changes in the organization’s risk posture.
- Internal audit automation helps harmonize and reuse audit processes, test templates, flows, and audit project activities across the organization, as well as address deficiencies and assign findings.
- Vendor risk management provides an instrument to collect, validate, and score vendor self-assessment feedback. Third-party risk is managed as a part of the organization’s overall risk management program.
- CMDB and Business Service Maps integration: close to real-time updates of the configuration database and business services map are invaluable for ongoing risk assessment and activities related to risk management.
- Business Continuity Planning and Disaster Recovery: sitting on the edge of IT Service Management and GRC, it improves BCP program coverage, simplifies communication, and automates testing activities.