Industry-specific compliance updates filter out the noise
One of the most frustrating aspects of enterprise compliance is that most compliance databases employ no meaningful filters. Executives have to go through mountains of regulations that have no relevance to their business. This makes it time-consuming and expensive to find and implement important changes. Edgile’s ArC content and apps are available for specific industries so that enterprises see only what impacts their business. The 16 ArC industry content library verticals in the initial release are: Financial Services Banking; Financial Services Banking and Broker Dealer; Oil and Gas; Utilities; Retail; Manufacturing; Technology; Gaming; Insurance—Property and Casualty; Insurance—Property Casualty and Life; Healthcare Payer; Healthcare Payer with Medicare/Medicaid; Pharma Life Sciences; Medical Device Manufacturer; Healthcare Provider; and Healthcare Provider With Research.
“Edgile has always had compliance experts tracking regulations through the U.S. and globally, looking at government requirements, standards groups requirements along with industry requirements. But by zeroing in on these critical 16 verticals, we are making compliance far easier for so many Fortune 500 companies,” says David Deckter, Partner at Edgile. “Our teams work on these reports daily so that our subscribers always know the latest revisions as well as the context for those changes. Knowing what a change means for enterprises is often more useful than merely knowing what changed. That is the context we deliver every day. This is far better than the typical approach we see where subscribers are told: ‘Here is everything. You go figure it out.’ Speed and vertical-specific context make all the difference,” adds Brian Rizman, Managing Director at Edgile.
Integrating compliance and risk to protect the business
Compliance needs to be tightly integrated with the enterprise’s risk efforts if the security of the company is to be protected. Unfortunately, many companies deal with compliance and risk as separate entities. The Edgile approach is to consider a company’s risk posture when evaluating compliance and its compliance situation when evaluating risk. ArC apps reflect this posture. This is especially critical for larger enterprises that run into compliance conflicts—where one set of rules in one area contradicts another set of rules in another—requiring executives to make compliance choices. By integrating risk into the compliance analysis, executives can make far better decisions.
A combined risk-compliance strategy includes four primary areas for protecting the business:
• Threat landscape, which examines likely attackers—internal and external—and what their resources, methodologies and ideal targets are
• Security posture, which factors in current defenses—as well as imminent defenses that have yet to be deployed, including the most likely timeframe for deployment—and known vulnerabilities across all areas, such as cloud, mobile, IoT, on-prem and VPN traffic
• Compliance issues, which could impact data-retention timeframes—what can be saved, such as visitor IP addresses or biometric data about how a visitor uses a mobile device, and for how long
• Intellectual property, including sensitive or internal use only data assets.
• Assurance Management—topics include audit management, vendor management and business continuity plans/disaster recovery
• Identity and Access Management—topics include provisioning and de-provisioning, role management, attestation and certification plus authentication and authorization
• Security and Privacy Management—topics include policies and standards, security architecture and secure builds and training/awareness
• Operations Management—topics include process automation, backup/storage, monitoring and network/security operations
• Configuration Management—topics include virtual management, patch management, software distribution and inventory/configuration management
• Service Management—topics include asset management, change/release management, problem/incident management, software development lifecycle and software acquisition.
Automation means no workforce training necessary
ArC Apps for ServiceNow’s Regulatory Change Management component takes all of the compliance changes and effortlessly integrates them into the ServiceNow IRM solution, requiring little to no extra effort or training of the workforce. This component reviews all of the company-specific data and settings and makes sure that related policies, baselines and controls are compliant with applicable compliance requirements. Material changes to anything in the baseline automatically trigger the app’s control enhancement process. Control owners would then receive a task to review and enhance their controls based on that new mandate. From there, the control owners can track all issues and initiate corrective action plans.
The Regulatory Change Management component includes forms and workflows to seamlessly automate compliance management. It helps select sources, updates guidance and enhances controls. It’s via these mechanisms that Edgile ArC Content and Apps for ServiceNow can deliver enterprise executives assurance that all new compliance requirements are onboarded and applied to processes and applications.
Evidently, Edgile is a premier partner for ServiceNow and the trusted cyber risk and regulatory compliance partner to the world’s leading organizations, providing consulting, managed services, and harmonized regulatory content. “Our strategy-first model optimizes on-premises and cloud programs, IAM, GRC, and cybersecurity. By transforming risk into opportunity, we secure the modern enterprise through solutions that increase business agility and create a competitive advantage for our Fortune 500 clients,” concludes Deckter.