In addition to Enterprise Service Management, one of our consulting focal areas is Governance, Risk & Compliance. This includes support in the area of quality management, the assurance, preparation and monitoring of audits (ISO20000 & 270000) and the setting up of internal control systems (ICS). We are also working on the implementation of frameworks such as Cobit or BaFin requirements, such as BAIT or VAIT; as well as with suitable tool support from ServiceNow GRC, which we would like to provide an overview of below.
Our practical experience shows that many companies still use Excel and e-mail to handle audits. The resulting disadvantages are obvious. Many manual tasks are required and reproducibility and updating can include sources of error. The distribution of roles and control of completed tasks are not always clear. In addition, the documents are often stored decentrally and can only be made available to the auditor at great expense and time. ServiceNow provides a platform to implement integrated governance, risk & compliance.
ServiceNow provides the platform to map your individual requirements in terms of compliance, identity management (roles and rights) and business-driven risk definitions. ServiceNow enables you to “match” the regulations relevant to you at the push of a button and create a report on the activities of various employees and all measures taken at any time. These are available at any time and verifiable at any time — even by external auditors. The advantage: You have a central, integrated management tool that is audit-proof in terms of documentation, provides preparation for audits (repeatable) and offers real added value in the area of IT risk management and drastically reduces your expenses.
advantage: Using a common control framework to monitor assets and processes to identify changes and risks in real time — all visible on a dynamic dashboard with a one-click report.
advantage: Continuously monitor your risk exposure, prioritize critical risks, and reduce
Response time of days to minutes.
advantage: Identify, analyze, manage, and report on operational risks and get a holistic view of all your business risks through risk events and risk rollups.
advantage: Automate redundant processes and cross-functional activities with consistent workflows and predefined business, risk, IT objects, and systems to streamline evidence collection and increase productivity.
advantage: Streamline how you manage vendor risks and track issues, implement a consistent assessment and resolution process, consolidate communication and facilitate collaboration, and
Automate assessment processes — so you can evaluate more of your critical vendors
advantage: Jump-start to implement a wide range of regulations/standards/frameworks, such as SOX, NIST RMF, NIST CSF, and more that are being added. Note: Using an interface, it is possible to integrate start-up tools for the German market, such as Cobit, and, if necessary, to maintain audits or compliance requirements for two “different” bases, such as SOX/Cobit.
With our expertise, we are happy to answer questions regarding methodology, requirements, organization of governance, risk & compliance topics, as well as implementation in ServiceNow. Our colleagues are looking forward to your questions! Please contact us at sales@exccon.com.
.png)