Client Success Story - ServiceNow SecOps and GRC at Large Pharma Client
One of the nation’s largest pharmaceutical companies was seeking to improve their overall security posture and improve the tracking and efficiencies of their compliance processes. As a long-time ServiceNow customer, they elected to implement Governance, Risk and Compliance (GRC), Security Incident Response and Vulnerability Response as part of a three-year IT process improvement initiative
- The project was initially divided into two major efforts to align with their organizational responsibilities – Security Ops and IT Compliance.
- Over the course of seven calendar months and three production releases, we implemented the following new capabilities for the customer:
- GRC audit management for the customer’s internal SOx compliance team
- GRC audit management for the internal IT security compliance team
- Vulnerability Response Management with an integration to Qualys
- Security Incident Response with automated workflows for their top-10 security issues
- Integrated security incident creation using their existing Splunk SIEM to automatically generate security incidents
- Custom end-user IT risk exception request process
- With the implementation of this project, the customer successfully consolidated processes and eliminated manual steps that cost their IT staff unnecessary time and effort.
- With the Splunk integration they have also begun to realize long sought efficiency gains by automating SIEM events with automated ticketing and assignment routing in ServiceNow.
- As their use of SecOps and GRC matures, the customer envisions further integrations and process optimizations.
Technology & Tools
Governance, Risk & Compliance, Security Incident Response, Vulnerability Response