Empowering a Non-Profit Federation with ServiceNow Integrated Risk Management Solution
Client Overview
A privately held non-profit federation delivers essential automotive, travel, insurance, and financial services to 60+ million members in North America. Through 1,000+ offices and 100,000+ professionals, it provides access to safer mobility, personalized travel, and insurance (including auto, home, and life).
Client's Challenge
The organization faced increasing compliance demands, including:
- Expanding compliance requirements, including a recent mandate to implement NIST 800-53 R5.
- Controls were managed across multiple systems because there was no single repository.
- The Policy Exception process is manual, relying on Excel spreadsheets for data management.
- A critical need to implement automation solutions to enhance compliance management efficiency and reduce manual effort.
Milestone Solution
The non-profit federation’s core offerings and business units are closely tied to consumer well-being and safety, making uninterrupted service delivery a non-negotiable imperative. This emphasizes the importance of their cybersecurity and Governance, Risk, and Compliance (GRC) programs, which safeguard mission-critical operations. The non-profit approached Milestone Technologies to deliver world-class cybersecurity and risk management services for its customers.
- Implemented authority documents with a focus on PCI-DSS and NIST authority documents.
- Implemented policy management to support internal policies.
- Imported controls and risks data and configured assessment templates.
- Consolidated multiple legacy exception request processes into one global process with specific review and approval rules.
Value Delivered
- Automated measurement and tracking of internal compliance status against PCI DSS and NIST 800-53 Revision 5 standards.
- Implemented a standardized policy management process supported by a global policy registry.
- Automated assessment process for controls and risks, improving accuracy and efficiency.
- Provided end-to-end policy exception lifecycle management, ensuring transparency and consistent governance.
Service That Powered
Integrated Risk Management (IRM)
Want to Learn More?
Milestone experts take the time to listen, understand your needs, and provide the right mix of tools, technology, and resources to help you meet your goals.