To gain a better understanding of our client’s IT assets, Cask helped to create the entire Risk Management Program framework, integrating with the NIST Cyber Security Framework (CSF). Cask consultants implemented the ServiceNow Integrated Risk Management application across the business enterprise, resulting in a robust risk management program that is in use today.
While the existing platform provided a lot of information, there was no central system to view the data, and our client quickly realized that utilizing ServiceNow’s risk management capability in a way that integrates with the NIST CSF framework would make their work much easier.
To begin, Cask met with stakeholders across the company’s IT departments, including Directors of Architecture, Continuity Management, Enterprise Applications, Information Security, and Problem Management. Cask’s core team for enhancement of the Integrated Risk Management application consisted of members of the GRC and Information Security teams.
The Cask team was able to create integration between our client’s existing system and ServiceNow Asset Management, including the digestion of discovered assets and information into the ServiceNow platform; identifying any excess assets along the way.
Developing a defined, solid scope of work before developing any systems helped everyone involved to get to know the path forward, laying the groundwork for a very positive business relationship between our client’s stakeholders and the Cask team.
“We integrated multiple risk registers into ServiceNow’s IRM application and created a Risk Management Action Plan with over 200 steps to take over the following months to mature the use of the application in a way that is coordinated with the overall Program’s objectives,” Nieddu said.
The firm had a lot of enthusiasm and investment in risk management, but just not enough time to put all the pieces together into a cohesive framework.”
Heath Nieddu, Senior Security Consultant
Today, our client’s GRC function is driven by Business Objectives and Risk Analysis versus Audit and Compliance.
When the client needed some training, Cask was able to work through the process with them. When one of the client’s main stakeholders left like halfway through the project, Cask was able to continue working, without missing a beat. Over the course of the project, Cask was able to advise on the process and next steps to keep the program development on track.
Through this partnership, Cask was successfully able to provide visibility into where assets were being utilized, and how to best utilize our client’s IT assets on the ServiceNow platform. The Cask team was able to successfully rebuild our client’s Risk Management program and coordinate program enhancements along with the deployment of ServiceNow Integrated Risk Management services.
Request a complimentary consultation from Cask.
Cask expertise, on tap, to understand and align to your unique challenges and desired outcomes. Our team will contact you to better understand your needs and set up a meeting with Cask advisors, aligned to your goals.