Implementing Vendor Risk Management for a Northeast Healthcare System

“Their previous system was reaching end of life and it really wasn’t meeting their needs, so they wanted to move forward with ServiceNow, which was already in use within other areas of the system,” Katie Lawless, Project Manager at Cask said.

One of the largest private employers in the mid-Atlantic, our client’s network of healthcare services includes outpatient services, home health care, urgent care centers, three hospitals, and more. The healthcare giant, already a Cask client from previous work on their ServiceNow instance, sought a new solution to manage Vendor Risk Management that would meet the businesses requirements and eventually integrate with Governance, Risk, and Compliance across the organization.

Within ServiceNow, the Vendor Risk Management application provides a centralized process for managing a vendor portfolio, assessing vendor risk and tiering, and for completing the remediation life cycle. The healthcare system was using a qualitative methodology, which it sought to replace by implementing a robust Risk Management protocol, all the way from procurement to production. Based on a series of meetings with a team from Cask, the organization was able to pinpoint six different areas of concern when it came to assessing vendor risk levels. 

At a high level, Cask translated our client’s current Third-Party Risk Management process into ServiceNow’s Vendor Risk Management product utilizing out of the box features with an enhanced Vendor Tiering process that translated into Vendor Categories, based on the calculated risk for Confidentiality, Availability, and Integrity. Additionally, we approached the remediation process with a scalable solution that can be integrated into the rest of the GRC product line in ServiceNow.

We had some challenges understanding OOB functionality and best practices, and Cask supported us to overcome those challenges with their guidance,” the client said. “It was a good project overall and we are very happy with the end result!”

Cask worked with ServiceNow to resolve any limitations and deliver the customer’s instance free of any bugs.  Cask advised our client that an out-of-the-box (OOB) functionality would be the best approach to their risk management needs, and assisted with training and support when needed.

“We had some challenges understanding OOB functionality and best practices, and Cask supported us to overcome those challenges with their guidance,” the client said. “It was a good project overall and we are very happy with the end result!”

Eventually, our client will integrate their risk assessment with their overall ServiceNow management system, and they’ll utilize the other GRC modules, so they’ll be able to quantify or qualify risk from an enterprise perspective.

 “Keeping the lines of communication open and getting everyone on one system where they can all work together seamlessly was extremely important,” Lawless said.

Let’s Innovate!

Request a complimentary consultation from Cask.

Cask expertise, on tap, to understand and align to your unique challenges and desired outcomes. Our team will contact you to better understand your needs and set up a meeting with Cask advisors, aligned to your goals.

Menu