Corporate Governance, Risk, and Compliance (GRC) are disciplines that touch many areas of a business, from financial reporting and regulatory controls to data privacy and vendor management. While GRC activities typically take place behind the scenes, a compliance issue can become front page news in an instant. Manual processes alone are not an effective way to ensure compliance or manage risk exposure. Given the pace of business today, process automation, real-time analytics and self-service must be brought into the mix. ServiceNow uses its Governance, Risk, and Compliance portfolio—built on the Now Platform ® —to manage a wide array of compliance activities such as Sarbanes-Oxley (SOX), cyber security, data privacy, and audit management. To illustrate this, let’s take a closer look at how we manage SOX compliance.
In the past at ServiceNow, all SOX compliance activities—data gathering, documentation, communication, and reporting—were done manually with spreadsheets, PowerPoint, and email. This was time-consuming and inefficient, and there was always the risk of something slipping through the cracks. Senior Director of Internal Audit, Andrew Wheatley, and Director of IT Audit, Hassan Javed, led the move to an automated solution. Today, ServiceNow ® Governance, Risk, and Compliance helps the entire process with these key capabilities:
The following metrics demonstrate the value of automating SOX compliance with ServiceNow Governance, Risk, and Compliance:
In addition, the solution addresses three key strategic priorities:
Given the ever-changing regulatory landscape, the need for automated GRC solutions will only continue to grow within ServiceNow. Our Cloud Infrastructure team, which manages the ServiceNow instances for our customers, uses ServiceNow Governance, Risk, and Compliance to ensure ongoing compliance with security certifications, government regulations, and international standards, such as ISO 27001, FedRAMP, and SSAE 16. Increasing partner ecosystems and access to corporate networks present their own unique issues and risks, which our recently introduced Vendor Risk Management application is designed to address.
I look forward to sharing more Now on Now stories that show how we’re leveraging the power and versatility of the Now Platform.