Client Success Story - Cloud Security Solutions Provider

Project Overview
  • This high-tech company, that provides cloud-based security software products to many U.S. government agencies and global customers, was becoming overwhelmed with the number of compliance requirements that their customers required of them.
  • The growing frameworks that were customer mandated included NIST, ISO-27001, FedRAMP, and Cloud Security Alliance Cloud Controls Matrix (CCM) to name a few.
  • Collecting the necessary evidence and supporting the numerous internal audits forced the team to look for a new and innovative way to implement ServiceNow GRC.
ImagineX Approach
  • Working with the client in an advisory capacity we coached them through an aggressive five-week GRC phase one implementation.
  • The agile and compressed schedule required close coordination to quickly refine the approach that would meet their compliance requirements and consolidate the number of controls across the various frameworks.
  • Taking a controls-centric approach to implementing GRC, we helped the client realize the following benefits:
    • Created customer-defined policy statements allowing the consolidation of controls across multiple frameworks
    • Automated the process of requesting audit evidence on a periodic schedule.
    • Extended functionality to automatically collect audit evidence for the in-scope audit & engagement controls 
    • Updated the audit report functionality to include evidence that is collected prior to the internal audit providing auditors detailed evidence that proves a given control is in place and effective.
Project Success
  • Given the success of phase one, the customer is now focused on implementing phase two to further increase the automation capabilities of the solution.
  • This includes developing an integration between ServiceNow and Jira to automatically assign Jira issues to operations personnel to request and track evidence collection for their audited systems.
Technology & Tools

Governance, Risk & Compliance

Methodology

Agile, Various Security Frameworks

ImgnX

Author ImgnX

More posts by ImgnX