Nation’s Largest Energy Delivery Company Optimizes Certification with ServiceNow GRC

The nation’s largest energy delivery company completed the spin-out to an independent, publicly traded company. This transition required the customer to update many of its Information Technology (IT) systems, GRC processes, and staff. They faced challenges with inaccurate GRC data such as CMDB business application and entity. As a result, they required a thorough comparison across multiple sources and subsequent development of a single source of truth. The customer also encountered diculties revamping and streamlining the GRC attestation, control, and exception workflow and sought subject matter expertise in ServiceNow to find pain points in the GRC, control, and attestation process.
Challenges

The nation’s largest energy delivery company completed the spin-out to an independent, publicly traded company. This transition required the customer to update many of its Information Technology (IT) systems, GRC processes, and staff.

They faced challenges with inaccurate GRC data such as CMDB business application and entity. As a result, they required a thorough comparison across multiple sources and subsequent development of a single source of truth. The customer also encountered difficulties revamping and streamlining the GRC attestation, control, and exception workflow and sought subject matter expertise in ServiceNow to find pain points in the GRC, control, and attestation process.

Windward provided advisory, design and development support to the Cybersecurity and Compliance Team in the post-migration configurations of ServiceNow Risk and Compliance module to the customers instance in preparation for certification efforts.

Solutions

Windward provided advisory, design and development support to the Cybersecurity and Compliance Team in the post-migration configurations of ServiceNow Risk and Compliance module to the customers instance in preparation for certification efforts. Throughout the engagement Windward provided validation, configuration, and support for the compliance team with a focus on enabling the ServiceNow platform to align with the needs of the customer and assist in preparing the platform and organization.

Results
  • Added improvements to attestation process and control workflow.
  • Overcame challenges with identifying business application owners and standardizing data to multiple areas within the GRC module.
  • Imported Control and Entity data despite facing issues with the system auto-generating data.
  • The certification dashboard was created to capture control statuses and ownership.