The Customer
The client, a prominent healthcare institution specializing in pediatric care, previously relied on ServiceNow for their IT Service Management (ITSM) and IT Operations Management (ITOM) needs. Recognizing the necessity to enhance their risk management framework, they implemented the ServiceNow Integrated Risk Management (IRM) solution. This strategic move was aimed at bolstering their cybersecurity posture and ensuring comprehensive risk oversight across their operations, thereby affirming their commitment to safeguarding patient data and maintaining operational resilience in the healthcare sector.
The Challenge
The challenge centered on the limitations of the existing software used to manage risk and compliance for IT systems across an organization dedicated to pediatric healthcare. The existing tool fell short of providing a clear and comprehensive view of the organization’s risk management and compliance status, which impeded effective collaboration among team members. The organization needed a robust solution that would not only replace the current tool but also enhance visibility, serve as a centralized source of truth for the Governance, Risk, and Compliance (GRC) team, and facilitate better collaboration in risk management processes.
The Solution
For a healthcare client, we implemented the ServiceNow Integrated Risk Management (IRM) Solution. This included setting up Policy Exceptions Creation through existing catalog items and creating customized reports and dashboards to streamline the risk review process. We also developed a workflow specifically for assessing applications that handle sensitive data, which includes automatic creation of risks. Additionally, we refined the risk lifecycle to better match the client's existing processes.
To complement this project, we conducted a licensure review with ServiceNow to ensure the solution aligns with the client's business case and future roadmap. Furthermore, we engaged in a content review of the NIST Cybersecurity Framework (CSF) with a ServiceNow Product Lead to correct spelling errors in the loaded assessments. This comprehensive approach not only tailored the IRM solution to the client's needs but also enhanced their overall risk management strategy.
Results
The project, which spanned 4 months and 15 days, focused on implementing the ServiceNow IRM Solution for a prestigious client. Throughout this period, significant achievements were made, including the retirement of the obsolete RSAM solution, thereby enhancing reporting capabilities and overall enterprise resilience. One of the key accomplishments was the seamless migration of existing risks and assessment results from RSAM to the ServiceNow IRM solution, aligned with the NIST Cybersecurity Framework (NIST CSF).
This transition not only improved collaboration between the frontline staff and the Governance, Risk Management, and Compliance (GRC) team but also bolstered support for internal audits and increased data accessibility. The absence of concrete metrics does not undermine the evident success of the project, as marked by the client’s top satisfaction rating.