Nation’s Largest Producer of Carbon-Free Energy Enhances Cybersecurity Controls and Compliance with ServiceNow GRC
Challenges
In February of 2022, the nation’s largest electric utility company completed the spin-out of energy production to be an independent, publicly traded company. This transition required our customer to rebuild many of its Information Technology (IT) systems and processes.
Our customer entered into Transition Support Agreements (TSAs) for a finite amount of time to facilitate a smooth transition to independence. As part of the TSA, our customer sought ServiceNow GRC expertise to assist them with planning, data preparation, updates to GRC workflows, and implementation to complete their end-of-2023 certification process.
Solutions
Windward provided the Cybersecurity and Compliance Team planning, design, and implementation support for a newly migrated ServiceNow GRC application in preparation for certification efforts. Throughout the engagement, Windward worked closely with the compliance team to enable the ServiceNow platform to align with the certification needs of the customer. This encompassed addressing challenges in recognizing and managing control data, ensuring data readiness, updating GRC configurations, refining reports and dashboards, and providing guidance on organizational change.
Results
Established data readiness across ServiceNow foundational data, CIs, assets, APM, GRC controls and related data to fully support the certification process. This included addressing gaps in their Entity structure (Infrastructure, Common, Application, Facilities) and controls.
Enriched situational reports and dashboards for managers and program leaders who rely on control data to scope and prioritize certification progress, remediation efforts, and capacity building.
Updated ServiceNow GRC configurations, which totaled approximately two dozen detailed user stories, to align to the customer’s certification processes.
Supported our customer’s cybersecurity leaders on organizational process transitions, which included planning, technical execution, coordination, and oversight of project tasks associated with tool-process alignment.
Advised on how best to leverage ServiceNow capabilities, including security exceptions, continuous monitoring, risk management, vulnerability response and third-party risk management.