The Customer
The client, a Public Utility and Electricity company, is a community-based, not-for-profit organization providing affordable water and power to more than 2 million people. It comprises two separate organizations: a private water corporation founded in 1903 and an electricity provider formed as an agricultural improvement district, and a political subdivision of a US State. The client was already using ServiceNow’s ITSM solution, a modern, cloud-based, silo-busting service management solution.
The Challenge
The challenge began when the client needed a way to consume data from a third-party tool that provided patch levels for systems that directly correlated with policy requirements from Federal regulatory bodies. ServiceNow’s Policy and Compliance module allowed for the correlation of the data, the creation of monitorable tasks to remediate the issues, and formatted exports for Federal reporting.
The Solution
The expectation was to be able to see what tasks were needed to maintain compliance with federal regulations, by creating issues of non-compliance, based on the patch level of a device/system according to scanning by a third-party tool.
Implement GRC Policy and Compliance:
-
Load federal regulations from the UCF
-
Integrate with the third-party tool
-
Map any findings to issues in Policy and Compliance
-
Relate the issues back to controls created for each device/system scanned
-
Implement process for issue assignment and resolution with SLAs
-
Format reporting for federal requirements
Along with this, the GlideFast team enforced gathering workshops, daily standups, integration workshops, data analysis, and a Configuration management database (CMDB) analysis.
Results
With the help of GlideFast, there were 6 weeks from project inception to User Acceptance Testing Turnover. There was a complete implementation of Policy & Compliance with a personalized integration, Unified Compliance Framework integration, and issue management, which resulted in the anecdotal reduction of remediation time by 75% and reduced reporting time by 50%.
GlideFast will continue to work with this client on future projects to accommodate their needs in the Now Platform and maximize their ROI. To date, GlideFast has successfully completed a Governance, Risk, and Compliance (GRC) to Integrated Risk Management Upgrade, and will assist the client with SecOps-In Flight, Application Portfolio Management (APM) and Software Asset Management (In-Flight), and Vendor Risk Management (In-Flight).
