
Compliant thanks to ServiceNow IRM

A collection of companies specialized in the design-in and supply of component technologies wanted to create and enforce policies to comply with government regulations and to incorporate third-party risk assessment data from their IT infrastructure. We helped them set this up with ServiceNow Integrated Risk Management (IRM) and become compliant.


Challenge

The customer’s key objective was to create and manage policies that would help them comply with various government regulations. Additionally, they had recently completed a third-party audit of their IT infrastructure, and they wanted the results from that risk assessment to be integrated into the system.

At the outset, the customer’s ServiceNow environment was in its early stages. While they had implemented Universal Request, a service portal, and integrated Azure SSO for user creation, they had no other configurations in place. This green instance provided a clean slate, but it also meant that there was a significant amount of work ahead to bring the necessary features online.

 

Solution

With a limited number of contracted hours available each month, we had to strategically structure the implementation of the Policy and Compliance Management and Risk Management components of the IRM suite to ensure maximum value in each phase:

 

1. Risk Management Implementation
We began by importing the risk data from the third-party audit into the system. From there, we worked with the customer to define risk assessment criteria that would allow them to measure the severity of each risk and how effectively it was being mitigated. This involved configuring the Risk workspaces and creating detailed reports to visualize the organization’s risk posture.

2. Compliance Management Setup
The next focus was on Compliance Management. We started with a few Authority Documents and ingested these into the system manually, as the customer chose not to set up automated integrations for document imports. To address this, we used external tools, such as Python, to efficiently import publicly available Authority Documents into the system.

After ingesting the required documents, we moved on to policy creation. We demonstrated how policies could be tied to both internal risks and external regulations, helping them build a more cohesive compliance framework. The team also configured the Policy workspaces and reports, which provided them with valuable insights into their compliance status.

3. Entity Data Integration
For ServiceNow’s IRM module to function properly, Risks and Policies needed to be associated with Entities. These Entities included users, locations, configuration items (CIs), assets, and services—data that the customer had not yet fully populated in their instance. A significant portion of our work involved importing this critical data and establishing automated processes to ensure that it remained up to date.

4. Training and Final Touches
As we neared the end of the project, our focus shifted to creating user groups, setting up the knowledge base, and delivering tailored training to the customer’s team. This empowered them to effectively manage the system on their own and to maintain compliance and risk management processes independently.

 

Results

With a robust governance and risk management system in place, including integrated policies, risk assessment capabilities, and compliance tools, the customer now meets regulatory requirements while managing internal risks effectively.
