Book a Meeting

IT Firm-Risk and Security Workflows

Managing IT Risk, Security and Enterprise Risk in one platform
Industry
Information Technology
Technology
ServiceNow Integrated Risk Management and Security Operations

The Client

A  leading global information technology, consulting and business process services company, with over 220,000 dedicated employees serving clients across six continents.

Challenge

IT Risk and Security operations were manual – dependent on excel and emails to collect information from various security teams and tools, long hours spent on analyzing the data and coming up with ‘state of security’ report for management. There was no single repository of all risks, no single view to CISO or CIO of the risk exposure of the organization. Potential impact on revenue if a customer operation is impacted due to non-compliance to regulatory requirements or agreed service level requirements.

Solution

Using ServiceNow® Integrated Risk Management and Security Operations capabilities, created a single, easily accessible online platform with integrations into event monitoring and scanning tools, and enterprise systems. using several digital workflows such as Risk Identification, IT, Enterprise and Vendor Risk Assessments, Policy exception and compliance monitoring, Vulnerability Response, Threat Intelligence and Audit workflows. The digital workflows enable automation of tasks previously manually performed, as well as provide all the relevant information in single place for monitoring and reporting.

Accomplishments

Enhanced Out-of-the-Box ServiceNow applications to configure customer-specific workflows with multiple customizations across Risk, Audit, Security, and Compliance applications. A complex entity structure was configured, integrating with the CMDB and customer/project data feeds from the enterprise system. Despite a tight schedule and a large, complex scope, the team successfully released the first production roll-out within three months of kickoff. The following modules were implemented in a record time of just seven months: Policy & Compliance, IT Risk Management, IT Audit Management, ERM Function Risk, ERM Audit Management, Vulnerability Response, Configuration Compliance, Vendor Risk Management, Security Incident Response, Threat Intelligence, and Performance Analytics.