By Vasant Balasubramanian, Head of Risk Products,
ServiceNow
In today's environment, organizations face
increasing risk amid the pandemic and continued economic, geopolitical, and
climate change-driven disruption. As a trusted partner to companies
as they focus
on mitigating operational risk, ServiceNow is pleased to
announce new Operational Risk and Resilience capabilities for
the enterprise that will help companies manage operational
disruption. We are also expanding our support for risk and
cybersecurity in key verticals, including financial services, government, and healthcare.
These innovations enhance ServiceNow's risk capabilities to enable organizations to break
down silos and automate workflows across the enterprise in
order to better manage operational risk. They also establish a strong
foundation of operational
resilience to enable business continuity in this new world
of work.
We're introducing these new capabilities as organizations are
confronted with new external pressures, requiring continued
focus on operational risk management and mitigation. According to
Forrester, "To survive and thrive in today's business
environment, organizations must improve resilience and prepare for disruption
if they hope to remain relevant and deliver value. The business case for [Governance, Risk
and Compliance] must focus on improving risk visibility,
aligning GRC efforts to business priorities, and delivering
forward-looking insights to help firms act quickly and decisively."
Resilient organizations anticipate
these problems; develop controls, monitoring, and actionable response plans to minimize the impact; respond effectively
when problems do occur; and learn and adapt from their
experiences. In our recent Now Platform Paris release in September 2020, ServiceNow
unveiled its Business Continuity Management (BCM) solution. BCM delivers automated
business impact analysis, business continuity plan development, and crisis
management by leveraging context within ServiceNow's Now
Platform to enable operational resilience. It also works with
the Safe Workplace Apps to help support a resilient and compliant
workforce as well as safe facilities.
Operational resilience requires a strong business
continuity management program, but it requires more than that
to achieve organizational strength. Our new
Operational Risk and Resilience capabilities round out BCM, and
they include:
- New Operational Resilience Management overcomes silos to
provide continuous visibility
and impact-based guidance that empower each line of business to
understand and manage operational risks to key business processes.
The application calculates and tracks technology, supplier,
facilities, and people resilience
and recommends actions based on
risk scores and the range of processes
affected. This capability, available in
November 2020, will help support compliance with the UK FCA regulation
for operational resilience as well as broader Operational
Resilience needs. It is also included with the Professional
and Enterprise editions of the Integrated Risk Management
product.
- Enhanced Third-Party Risk
Management offers the flexibility
and richness permit for tighter oversight of vendors and supply chains,
which are critical to an organization's products and
services, customers, and workforce. Sophisticated assessment
supports supplier hierarchies and subsidiaries, and
also provides ways to assess each level in the
hierarchy based on different areas of risk, such as
bankruptcy, delivery, and cybersecurity. These
capabilities within ServiceNow Vendor Risk Management can
be downloaded today from the ServiceNow Store.
Operational resilience and risk management go
hand-in-hand. Operational risk management encompasses many types
of risks including business continuity, resiliency,
technology, third-party, data loss, regulations, and cybersecurity.
The challenge of managing operational
risk efficiently results from diverse and separate teams, data
sets, and tools that are involved. Each group has its own priorities,
risk types, and approaches, so much of the work is performed manually and
in spreadsheets. Each audit is a new cycle of effort, and risk
leaders can't effectively manage or report on the overall
risk posture.
As part of this announcement, we connect risk
management across these domains
with an innovative, advanced risk assessment engine that supports evaluation,
manually or automatically, of any type of risk using any
methodology. This engine supports the need for each line of
business to use unique ways to define and assess risk, and encourages
front line self-assessment with automated and manual options. As part of
integrated risk management, it simplifies the identification of
noncompliant controls and monitoring of high-risk areas while tracking the full
range of risk events.
These new and enhanced capabilities are core to
any business and give COOs, or any executive overseeing operational risk
functions, the ability to manage risk across organizational silos.
And while other risk and resilience solutions require extensive
customization and integration, the ServiceNow Operational Risk
and Resilience capabilities can integrate with existing enterprise
workflows and embed risk indicators throughout the business - across HR,
customer service, and IT workflows - with minimal implementation effort,
delay, or added cost.
In addition to the new and expanded
solutions for Operational Risk and Resilience, ServiceNow is also
offering new support for frameworks and regulatory change
management, which helps key industries (government, financial
services, and healthcare) keep up with the volume, variety and
increasingly prescriptive regulatory requirements. With this new
support for NIST RMF, CIS Top 20 Controls, Bank for International
Settlements (BIS) guidance, and change management to automate
regulatory updates, organizations can be more
effective in managing their compliance
obligations. External and internal sources can be managed together more
efficiently, permitting more automated workflows, and increasing consistency
and accountability.
According to Frederic Veron, Business Resiliency
and Continuity Leader at Ernst & Young LLP (EY), "We view ServiceNow's
roadmap acceleration into operational risk as a game changer for the industry.
The ability to address risk in real-time is why we've created the EY operational
resilience framework for our financial services clients on the Now Platform.
This framework helps our customers support day-to-day operations through any
disruption-from normal and benign, to major events-while minimizing business
impact. Such resiliency is needed now more than ever as many organizations
navigate a shift to increased remote operations."
ServiceNow has proven leadership in bringing
IT, security, HR, customer service, and other
organizational workflow data together with risk management processes for a
unified, modern solution on the Now Platform. ServiceNow's risk
solution has been positioned a Leader in the Gartner Magic Quadrant for Integrated Risk Management for
its ability to deliver continuous monitoring, prioritization, and automation
for risk response.
If your organization is facing
operational risk challenges or wants to chart a course to
operational resilience, reach out to a ServiceNow
representative to learn how we can help. We are here to support
you on your journey.
For more information on our new and
enhanced capabilities for enterprise-grade Operational Risk and Resilience,
visit: servicenow.com/risk.