Exciting news! Thirdera has been acquired by Cognizant.

Read More
Contact Us

Global Retailer Maximises ServiceNow GRC Investment

Following a successful UX redesign that enhanced the employee experience, this global retailer set their sights on driving more value from their ServiceNow Governance, Risk, and Compliance (GRC) investment. 

Project Snapshot

150

critical vendors assessed for Third-Party Risk

50

critical Business Apps with tracked key Controls

20

risk statements tracked and aligned to CIS
Client size: 29,000 Client industry: Retail Client location: Global

 

Key Challenges


alert exclamation point warning caution icon thirdera pink (2)

Current compliance processes were manual, ad-hoc, and reactive. Thus, responses to requests and requirements for specific audits were generated and submitted as received. 

alert exclamation point warning caution icon thirdera pink (2)

Risk scoring was subjective based on various inputs and a manual assessment, and the risk register was manually maintained in Excel.

alert exclamation point warning caution icon thirdera pink (2)

The hierarchy between vendors and respective engagements was not configured, which made it difficult to assess, manage, and monitor vendor risk exposure effectively. 

 

Our Solution

To deliver the desired risk and compliance functionality, Thirdera proposed the implementation of three applications within ServiceNow's IRM suite across two releases of functionality. 

checklist icon thirdera (5)

 

Policy and Compliance Management 
Delivered compliance functionality, including a working entity model, initial set of control objectives/controls, associated organisational policies, and initial frameworks/authorities.

shield simple icon thirdera pink

 

Risk Management

Introduced Risk management functionality, including defined entities for applying risk against, an initial set of risk statements/risks with related risk frameworks, and a risk assessment process

Security  thirdera pink

 

Third-Party Risk Management

Leveraged ServiceNow's Third-Party Risk Management capabilities, including engagement roll-up to vendors, internal tiering assessments, external risk assessments, issues/remediations, and tiebacks to compliance controls.


 

The Result

Increase in regulatory compliance
A common control framework along with automated, scalable processes has enabled an environment of continuous compliance with multiple regulatory requirements, including Sarbanes-Oxley, PCI, and ISO 27001. 

Real-time transparency
By shifting to a risk-based approach, this client has increased visibility to key events and risk assessment status updates.

 

Enhanced governance
With systematic identification of non-compliant areas, this client has streamlined communication while providing clarity to partners and stakeholders.

About Thirdera, a Cognizant company

Thirdera, a Cognizant company is an Elite-level ServiceNow partner, enabling customers to maximise the value of the ServiceNow platform through workflow-enabled services and solutions. Founded in 2021 and acquired by Cognizant in 2024, Thirdera, a Cognizant company is one of the largest and most credentialed ServiceNow partners globally. We offer world-class guidance to help businesses accelerate growth and productivity. With expertise and capabilities spanning experience design, process optimisation, and AI-accelerated solutions, we are ushering in the next era of transformation, automation, and partner expectation. Visit www.thirdera.com for more information.

Contact us today to discuss your next project and enter a new era of ServiceNow partner experience.

Get in touch

WRITTEN BY

Michael Henderson

Michael has been a content marketing professional in the ServiceNow space for over 10 years. His focus is developing engaging content that empowers clients to make informed decisions throughout their service management journey.
[security-risk, case-study, irm] [Security & Risk, Case Study, IRM]