Controlling Risk Exposure

Continuous Monitoring in ServiceNow Integrated Risk Management Indicators for Healthcare

Organizations that rely on manual, time-consuming, and inefficient processes such as email and spreadsheets for risk monitoring, evidence collection, and response cannot effectively assess risk or security posture.

The healthcare industry needs a set of robust indicators for proper risk management. Automation can streamline the process and provide organizations with a way to build a real-life, risk-based approach to monitoring, which can be done on a continuous basis.

With automation, security posture monitoring is always operating in the background as various teams work.

With Integrated Risk Management in ServiceNow, Indicators are the bread and butter that drive continuous monitoring. They are the automated version of what is being done manually in most organizations to gather evidence during the risk and compliance management process.

From a compliance perspective, Indicators gather evidence to measure compliance or non-compliance against controls, policies, and external regulations. From a risk perspective, they collect evidence to adjust a risk score, either positively or negatively, to provide a more realistic risk posture score.

The platform is the big differentiator here. Point players have a limited number of use cases that solve a specific problem in the industry. The integration between Risk, Vendor Risk, Compliance, and Audit is critical to a holistic view of Risk in an organization.

ServiceNow IRM is the only vendor in the world that does continuous monitoring.

Let’s look at the current COVID-19 pandemic as an example:

If you wish to track confirmed cases and business impact in a particular sector, there are a few key steps.

  1. As a risk manager, you can create a risk statement such as ‘Disruption to Business Operations During a Pandemic’ associated with the Entity Type of Locations.
  2. You can then create a manual indicator template requesting the ‘Number of Confirmed Cases’ at each location on the Risk Statement ‘Disruption to Business Operations During a Pandemic’ at the interval best suited for the organization (e.g., daily or weekly).
  3. This Indicator template will create manual indicators for each location within the Entity Type ‘Locations’ and send Indicator tasks to the appropriate parties at each location asking for the number of confirmed cases.

When confirmed cases are added, a Risk Issue is generated. Indicators will continuously monitor the risk at each location based on the number of pandemic cases reported. The more cases reported, the greater the risk of business disruption.

Case counts will vary by location, so each location needs to be monitored separately. The granular risk can then be rolled up to enterprise-level risk, providing better tactical and strategic decision making. This is just one example of how a Continuous Monitoring solution can build on the rich data readily available within the ServiceNow platform.

By defining indicators that will be used to monitor your risk posture, you can adequately respond to incidents.

If the evidence gathered by continuous monitoring shows an indicator failure, the risk score will automatically rise, and an issue will be generated for the risk owner for remediation. Throughout the whole process, visibility into risk posture is available to executive and board-level personnel, so that messages can flow from the top down.