
Client Success Story - Cloud Security Solutions Provider

Project Overview
  • This high-tech company, which provides cloud-based security software products to many U.S. government agencies and global customers, was becoming overwhelmed by the number of compliance requirements that its customers placed on it.
  • The growing list of customer-mandated frameworks included NIST, ISO-27001, FedRAMP, and the Cloud Security Alliance Cloud Controls Matrix (CCM), to name a few.
  • Collecting the necessary evidence and supporting the numerous internal audits forced the team to look for a new and innovative way to implement ServiceNow GRC.
ImagineX Approach
  • Working with the client in an advisory capacity, we coached them through an aggressive five-week GRC phase one implementation.
  • The agile and compressed schedule required close coordination to quickly refine the approach that would meet their compliance requirements and consolidate the number of controls across the various frameworks.
  • Taking a controls-centric approach to implementing GRC, we helped the client realize the following benefits:
    • Created customer-defined policy statements, allowing the consolidation of controls across multiple frameworks.
    • Automated the process of requesting audit evidence on a periodic schedule.
    • Extended functionality to automatically collect audit evidence for the in-scope audit & engagement controls.
    • Updated the audit report functionality to include evidence that is collected prior to the internal audit, providing auditors with detailed evidence that proves a given control is in place and effective.
Project Success
  • Given the success of phase one, the customer is now focused on implementing phase two to further increase the automation capabilities of the solution.
  • This includes developing an integration between ServiceNow and Jira to automatically assign Jira issues to operations personnel to request and track evidence collection for their audited systems.
Technology & Tools

Governance, Risk & Compliance

Methodology

Agile, Various Security Frameworks

Author ImgnX
