
IT Compliance:

How ServiceNow's application helps keep your business compliant

Host: Eric Féron, Sr. Principal Product Success Manager, Scaled Engagements, Security & Risk, ServiceNow

Guest speaker: Anushree Randad, Principal Product Manager, Risk, ServiceNow

Security & Risk Community Tutorials


IT Compliance challenges
• Bring Your Own Device

• Software management (updates and patches)

• General Data Protection Regulation, Data Protection Act, etc.

• Vendor management

• Internet of Things

© 2019 ServiceNow, Inc. All Rights Reserved.


GRC in a legacy work model is inefficient
Tools & capabilities can’t keep up

SECURITY
• ISO 27001, HIPAA, PCI, NIST
• Policies
• Cyber Risks
• Controls
• Control Test, Evidence, Monitor

LEGAL
• FCPA/UK Bribery/Code of Conduct
• Privacy / GDPR
• Policies
• Audits
• Investigations
• Case Management

IT
• COBIT/ITIL
• Policies
• Risks
• Controls
• Control Evidence, Monitoring

Email Spreadsheets Meetings Integrated Reporting Workflow Driven Process Transparency


What I need… IT Compliance

• Understand regulations & requirements
• Automate compliance measurement
• Remediate or accept risk as issues arise

* Forrester Total Economic Impact™ Of ServiceNow Governance, Risk, and Compliance, 2019

Six key aspects of Policy and Compliance

• Policy Management
• Policy Exceptions
• Policy Acknowledgement
• Issues and remediation
• Continuous Monitoring
• VR, VRM, Configuration Compliance integration

Policy Management


Your challenges
• Multiple tools
• Lack of visibility

How ServiceNow helps
• Mapping to Control objectives
• Integration with UCF to import common controls
• Review and approval process
• Version and score tracking

Policy Exceptions


Your challenges
• Several systems
• Siloed processes

How ServiceNow helps
• Policies and Exceptions in the same place
• Integration with other NOW applications
• Multi-level Exception approvals
• Risk informed approval

Policy Acknowledgements


Your challenges
• Several tools
• No centralization

How ServiceNow helps
• Acknowledgement campaigns
• Dynamic audience setup
• Decline and exception management option
• Compliance measurement

Continuous Monitoring


Your challenges
• Very manual workflow
• Integrations are challenging

How ServiceNow helps
• Automatic Control monitoring
• Integrated results for Audits
• Real-time impact on Risks

Issues and Remediation


Your challenges
• Email...
• Very manual workflows

How ServiceNow helps
• Automated Issues
• Automatic Issues grouping rules
• Multiple Remediation tasks assignment

GRC Integrations

Integrations

Your challenges
• GRC program is siloed
• No true integrated risk view

How ServiceNow helps
• Continuously monitor and mitigate potential risk from vulnerabilities in IT infrastructure
• Monitor controls and validate compliance by aggregating scanned results from integration with configuration scanning applications
• Monitoring of Vendor impact on Compliance posture

What next?

What should I do right now?

1. Implementation Guide (coming soon)

2. Policy and Compliance training (Governance, Risk, and Compliance Fundamentals (2-day ILT/VILT) and Risk and Compliance Implementation (2-day ILT/VILT))

Thank you
Reminders

There is more
PDF version of the slides is available in the forum.

You want answers


Please post your questions in the Governance, Risk and Compliance forum.
