Share with your friends

Organisations often have a number of decentralised risk management and security systems, resulting in isolated silos and the absence of an overview over processes and large amounts of data. ServiceNow eases the workload with an ”ask-once-serve-many” approach. The inbuilt workflows automate and optimise manual processes and a single platform ensures consistent reporting that is always based on the same data.

Here at KPMG we have a deep and clear insight into these processes and how the business operates within Compliance, Risk Management and IT Security. We have helped a great number of organisations, including large financial sector clients, to transform and optimise the way they work and operate by implementing Governance, Risk and Compliance systems (GRC) or IT security systems (SecOps). 

ServiceNow's GRC package
The GRC package in ServiceNow contains applications that support risk management, internal controls and compliance management. These can be directly linked to the business's asset directory, including processes and divisions. Third party solutions ensure an up to date and complete list of regulatory requirements. ServiceNow GRC creates a structured approach and a clearly defined connection between the areas of responsibility in the business's lines of defence. 

Primary/main GRC applications: 

  • Policy & Compliance
  • Risk
  • Vendor Risk Management
  • Audit

ServiceNow Security Operations
There is an increased focus on IT security and many organisations find themselves in a situation where they don't have an overview over their security systems and are also unaware of the security threats they are facing. ServiceNow Security Operations optimise the process regarding security incidents by integrating third party tools and combining new and existing data in ServiceNow. Automating and prioritising security incidents ensures that the organisation is alerted when there are security threats.

Primary Security Operations application:

  • Security Incident Response
  • Vulnerability Response
  • Threat Intelligence
  • Configuration Compliance