Policies implemented
Authority documents mapped
Up-to-date visibility of compliance status for executives
Avanade needs effective and efficient processes to meet its internal and clients’ regulatory requirements
As a leading global professional services company, Avanade needs to show compliance to its clients, regulators, and its parent company. It’s especially important to meet strict regulatory requirements, including ISO, GDPR, HIPAA, CCPA, and SSAE 18. Because of this, Avanade, which is a subsidiary of Accenture, has an overriding focus on effective governance, risk, and compliance (GRC).
ServiceNow helps Avanade connect and automate its GRC processes, increasing scalability and eliminating time-consuming manual work
Avanade had issues with its existing GRC environment. According to Ann Auerbach, Global Certification and Compliance Manager at Avanade, “We had an on-premises system, but we were concerned about its scalability. And, despite having a tool, our compliance team still had to use spreadsheets to track regulatory updates from our legal team. Our team is small, so we were overloaded—particularly with the high number of regulatory changes.”
Avanade had recently deployed ServiceNow IT Service Management (ITSM). To address its GRC challenges, it decided to migrate from its existing tool to ServiceNow Governance, Risk, and Compliance and add ServiceNow Security Operations to the Now Platform®.
Ann says, “The transition to ServiceNow for GRC was completed with the help of Accenture in just six months. Before, governance, risk, and compliance were disconnected processes. With ServiceNow, they all work together. For example, by looking at compliance, we can immediately see our risks.”
The company gets major benefits from having GRC, SecOps, and ITSM on a single platform
Greg Petersen, Director of Security Technology and Operations at Avanade, says, “GRC, Security Operations, and ITSM belong together. For example, take security incidents. When an asset in our CMDB is involved in a security incident, we can see right away if there’s a corresponding policy exception—for instance, an approval to defer a patch. By tying security incidents and exceptions together, it is easier to identify potential gaps in our security exception process.”
Greg Petersen
Director of Security Technology and Operations
By integrating data from other systems, ServiceNow helps Avanade lower risk and reduce effort
Greg also stresses the value of ServiceNow as an integrated platform. “ServiceNow gives us a robust platform where we can take in large amounts of information, rather than having to join up data manually. That’s critical when you only have a small support staff. For example, we’ve integrated ServiceNow with our SIEM platform. That allows us to respond far more quickly to security alerts and manage these risks more effectively."
The platform also provides the scalability for policies that were in question with the original on-premises system. Ann states, “Since implementing the ServiceNow® Policy and Compliance module, we’ve implemented 63 policies and mapped 93 authority documents, which represents 1,348 controls.”
“We’ve also integrated ServiceNow with Unified Compliance Framework,” says Ann. “Now, our compliance team gets updates mapped across regulations in a database instead of wrestling with spreadsheets. That’s given us a quantum leap forward in compliance reporting for our executives. And, we save lots of time—in the past, mapping across regulations could take months of manual effort versus now—it takes minutes to query across regulatory requirements.”
Avanade sees ServiceNow as a key partner as it extends solutions across the enterprise
ServiceNow momentum at Avanade continues to build. “ServiceNow is a critical partner for Avanade,” explains Ann. “We see it as a true enterprise platform. We will continue to focus on integration across our GRC processes so we can add further value to the business. And, as we grow, we are not just looking at IT. For instance, we’ve just implemented ServiceNow® HR Service Delivery.”
Explore the solution that helps Avanade create an integrated risk program