
Global Retailer Maximizes ServiceNow GRC Investment

Written by Michael Henderson | Oct 15, 2024 1:22:53 PM

Following a successful UX redesign that enhanced the employee experience, this global retailer set their sights on driving more value from their ServiceNow Governance, Risk, and Compliance (GRC) investment. 

Project Snapshot

150 critical vendors assessed for Third-Party Risk

50 critical Business Apps with tracked key Controls

20 risk statements tracked and aligned to CIS

Client size: 29,000

Client industry: Retail

Client location: Global

 

Key Challenges


Compliance processes were manual, ad hoc, and reactive: responses to requests and requirements for specific audits were generated and submitted as they were received.

Risk scoring was subjective, based on various inputs and a manual assessment, and the risk register was maintained manually in Excel.

The hierarchy between vendors and respective engagements was not configured, which made it difficult to assess, manage, and monitor vendor risk exposure effectively. 

 

Our Solution

To deliver the desired risk and compliance functionality, Thirdera proposed the implementation of three applications within ServiceNow's IRM suite across two releases of functionality. 

 

Policy and Compliance Management 
Delivered compliance functionality, including a working entity model, initial set of control objectives/controls, associated organizational policies, and initial frameworks/authorities.

 

Risk Management

Introduced risk management functionality, including defined entities for applying risk against, an initial set of risk statements/risks with related risk frameworks, and a risk assessment process.


 

Third-Party Risk Management

Leveraged ServiceNow's Third-Party Risk Management capabilities, including engagement roll-up to vendors, internal tiering assessments, external risk assessments, issues/remediations, and tiebacks to compliance controls.


 

The Result

Increase in regulatory compliance
A common control framework along with automated, scalable processes has enabled an environment of continuous compliance with multiple regulatory requirements, including Sarbanes-Oxley, PCI, and ISO 27001. 

Real-time transparency
By shifting to a risk-based approach, this client has increased visibility to key events and risk assessment status updates.

 

Enhanced governance
With systematic identification of non-compliant areas, this client has streamlined communication while providing clarity to partners and stakeholders.

About Thirdera, a Cognizant company

Thirdera, a Cognizant company, is an Elite-level ServiceNow partner, enabling customers to maximize the value of the ServiceNow platform through workflow-enabled services and solutions. Founded in 2021 and acquired by Cognizant in 2024, Thirdera, a Cognizant company, is one of the largest and most credentialed ServiceNow partners globally. We offer world-class guidance to help businesses accelerate growth and productivity. With expertise and capabilities spanning experience design, process optimization, and AI-accelerated solutions, we are ushering in the next era of transformation, automation, and partner expectation. Visit www.thirdera.com for more information.
