PARK NOW Group: GRC
With 22+ million customers in 11 countries, the PARK NOW Group offers a suite of fully integrated, comprehensive parking management solutions. Operating under four brands – PARK NOW, Parkmobile, Park-line and RingGo – they offer user-friendly mobile apps that take the pain out of parking. With more than 155,000,000 parking transactions a year, being able to demonstrate compliance is key for the PARK NOW Group.
Challenge
Due to national and international laws and regulations and standards, the PARK NOW Group needs to demonstrate compliancy with e.g. ISO27001, PCIDSS and ISO9001. Therefore, a substantial portion of the overall organizational cost structure is allocated to the Risk and Compliance Dept. In fulfilling its own departmental (sub-)goal of demonstrating compliancy to external auditors, a lot of manual, labor-intensive and inefficient actions were performed on a daily basis. This had a significant financial impact, but also increased the risk of non-compliance due to missing evidence, as no central repository was available. Because the auditability of the PARK NOW Group is directly impacted by the visibility and availability of control (audit) evidence, an efficient, robust and reliable standardized process for control (audit) evidence collection was needed.
Solution
We used the out-of-the-box Governance Risk & Compliance module in ServiceNow’s integrated Enterprise Service Management to automate the process of collecting all key control (audit) evidence documentation of the PARK NOW Group. Utilizing standardized GRC workflows, control attestations, indicators and the integrated Unified Compliance Framework (UCF), we have drastically reduced the operational risk of non-compliance. A single system of records, central repository of controls and control evidence has enabled the Risk and Compliance Dept to shift away from traditional, uncoordinated and inefficient means of communication (email, phone calls, Excel sheets, etc.) to become a more efficient and value adding department.