In today’s environment, organizations face increasing risk amid the pandemic and continued economic, geopolitical, and climate change-driven disruption. As a trusted partner to companies as they focus on mitigating operational risk, ServiceNow is pleased to announce new Operational Risk and Resilience capabilities for the enterprise that will help companies manage operational disruption. We are also expanding our support for risk and cybersecurity in key verticals, including financial services, government, and healthcare.
These innovations enhance ServiceNow's risk capabilities to enable organizations to break down silos and automate workflows across the enterprise in order to better manage operational risk. They also establish a strong foundation of operational resilience to enable business continuity in this new world of work.
We're introducing these new capabilities as organizations are confronted with new external pressures, requiring continued focus on operational risk management and mitigation. According to Forrester, "To survive and thrive in today's business environment, organizations must improve resilience and prepare for disruption if they hope to remain relevant and deliver value. The business case for [Governance, Risk and Compliance] must focus on improving risk visibility, aligning GRC efforts to business priorities, and delivering forward-looking insights to help firms act quickly and decisively." 1
Resilient organizations anticipate these problems, develop controls, monitoring, and actionable response plans to minimize the impact, respond effectively when problems do occur, and learn and adapt from their experiences. In our recent Now Platform® Paris release in September 2020, ServiceNow unveiled its Business Continuity Management (BCM) solution. BCM delivers automated business impact analysis, business continuity plan development, and crisis management by leveraging context within ServiceNow's Now Platform to enable operational resilience. It also works with the Safe Workplace Apps to help support a resilient and compliant workforce as well as safe facilities.
Operational resilience requires a strong business continuity management program, but it requires more than that to achieve organizational strength. Our new Operational Risk and Resilience capabilities round out BCM, and they include:
New Operational Resilience Management overcomes silos to provide continuous visibility and impact-based guidance that empower each line of business to understand and manage operational risks to key business processes. The application calculates and tracks technology, supplier, facilities, and people resilience and recommends actions based on risk scores and the range of processes affected. This capability, available in November 2020, will help support compliance with the UK FCA regulation for operational resilience as well as broader Operational Resilience needs. It is also included with the Professional and Enterprise editions of the Integrated Risk Management product.
Enhanced Third-Party Risk Management offers the flexibility and richness permit for tighter oversight of vendors and supply chains, which are critical to an organization's products and services, customers, and workforce. Sophisticated assessment supports supplier hierarchies and subsidiaries, and also provides ways to assess each level in the hierarchy based on different areas of risk, such as bankruptcy, delivery, and cybersecurity. These capabilities within ServiceNow® Vendor Risk Management can be downloaded today from the ServiceNow Store.
Operational resilience and risk management go hand-in-hand. Operational risk management encompasses many types of risks including business continuity, resiliency, technology, third-party, data loss, regulations, and cybersecurity.
The challenge of managing operational risk efficiently results from diverse and separate teams, data sets, and tools that are involved. Each group has its own priorities, risk types, and approaches, so much of the work is performed manually and in spreadsheets. Each audit is a new cycle of effort, and risk leaders can't effectively manage or report on the overall risk posture.
As part of this announcement, we connect risk management across these domains with an innovative, advanced risk assessment engine that supports evaluation, manually or automatically, of any type of risk using any methodology. This engine supports the need for each line of business to use unique ways to define and assess risk and encourages front line self-assessment with automated and manual options. As part of integrated risk management, it simplifies the identification of noncompliant controls and monitoring of high-risk areas while tracking the full range of risk events.
These new and enhanced capabilities are core to any business and give COOs, or any executive overseeing operational risk functions, the ability to manage risk across organizational silos. And while other risk and resilience solutions require extensive customization and integration, the ServiceNow Operational Risk and Resilience capabilities can integrate with existing enterprise workflows and embed risk indicators throughout the business – across HR, customer service, and IT workflows – with minimal implementation effort, delay, or added cost.
In addition to the new and expanded solutions for Operational Risk and Resilience, ServiceNow is also offering new support for frameworks and regulatory change management, which helps key industries (government, financial services, and healthcare) keep up with the volume, variety and increasingly prescriptive regulatory requirements. With this new support for NIST RMF, CIS Top 20 Controls, Bank for International Settlements (BIS) guidance, and change management to automate regulatory updates, organizations can be more effective in managing their compliance obligations. External and internal sources can be managed together more efficiently, permitting more automated workflows, and increasing consistency and accountability.
According to Frederic Veron, Business Resiliency and Continuity Leader at Ernst & Young LLP (EY), "We view ServiceNow’s roadmap acceleration into operational risk as a game changer for the industry. The ability to address risk in real-time is why we’ve created the EY operational resilience framework for our financial services clients on the Now Platform. This framework helps our customers support day-to-day operations through any disruption—from normal and benign, to major events—while minimizing business impact. Such resiliency is needed now more than ever as many organizations navigate a shift to increased remote operations."
ServiceNow has proven leadership in bringing IT, security, HR, customer service, and other organizational workflow data together with risk management processes for a unified, modern solution on the Now Platform. ServiceNow's risk solution has been positioned a Leader in the Gartner Magic Quadrant for Integrated Risk Management for its ability to deliver continuous monitoring, prioritization, and automation for risk response.
If your organization is facing operational risk challenges or wants to chart a course to operational resilience, reach out to a ServiceNow representative to learn how we can help. We are here to support you on your journey.
For more information on our new and enhanced capabilities for enterprise-grade Operational Risk and Resilience, visit: servicenow.com/risk.
The new C-suite KPI: operational resilience (Workflow article)
How to build a risk-informed business (ServiceNow blog)
1 Forrester: Build The Business Case For GRC – January 7, 2020 (By Alla Valente, Renee Murphy with Amy DeMartine, Kate Pesa, Peggy Dostie)
© 2020 ServiceNow, Inc. All rights reserved. ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.