With organizations across various industries having to cough up massive fines for non-compliance, some are left to wonder whether the current approaches for achieving compliance simply don’t work.
Organizations are looking for a robust program that will enable them to manage compliance with regulations and internal policies, improve information security practices and streamline audits and remediation activities.
As regulations continue to mount, there is a constant barrage of new guidelines to adhere to, and new initiatives being pushed forth in order to mitigate risk. Needless to say, risk and compliance groups are finding it daunting to keep up. There is also the challenge of growing cyber security threats, further compounding the problem with compliance.
While organizations face a plethora of problems with current processes and tools, we will highlight 3 core challenges that we’ve witnessed across multiple industries and organizations:
Many companies treat each regulation or framework as an independent set of controls, which leads to:
A centralized repository with a list of controls that map to all regulatory, compliance and operational requirements. This allows for “test once, comply many”.
Manually collecting compliance evidence, through manual assessments, walkthroughs or capturing screenshots. Relying heavily on the tribal knowledge present within the information security team takes a lot of time, and is mostly managed through spreadsheets or email.
This leads to version control issues, and in many cases evidence cannot be repurposed for other audits, or even reproduced.
Risk-based, workflow-driven control testing, with automated evidence collection wherever possible. INRY clients have leveraged ServiceNow for multiple formats of evidence collection, including basic and advanced indicators pulling data from the CMDB, Attestations and Assessments, and data certification techniques.
Tracking audit observations and remediation activities to closure and managing risk exceptions.
The ServiceNow® GRC Audit Management application provides a centralized process for internal audit teams to automate the complete audit life cycle. Project-driven audits allow auditors to quickly scope engagements, conduct fieldwork, collect control evidence, and track audit observations.
INRY clients have leveraged ServiceNow Audit Management to log observations and track remediation activities using control tasks. A lot of remediation activities are actually carried out by the Service Management teams, and if they're using ServiceNow ITSM, then it gives them a central location for all tasks, embedding controls into the Service Management processes.
© 2020. All rights reserved. All product names and registered trademarks are property of their owners.