Jon Massey
As a major health insurance organization in the US, the client needed comply with various regulations including SOC2. They had a well-defined but entirely spreadsheet-driven SOC2 assessment process. This led to long cycles of preparation for SOC2 certifications. They needed a way to automate their compliance cycle from releasing assessments to finalizing evidence.
INRY’s implementation of ServiceNow Policy and Compliance Management helped the client move to a more streamlined process to track compliance with SOC2 assessments.
49 controls with 193 control instances were automated and the burden of managing compliance against those was reduced significantly
Automatic requests for evidence sent at periodic intervals eliminated the need for the Information Security team to send hundreds of emails
104 Policy Exceptions were automated and a completely new workflow and request process was created and centralized within ServiceNow
Real-time dashboards provided operational insight and increased visibility into the number of assessments in progress and their status