Edgile Releases ArC Q1 2024 Update for ServiceNow

By Giovanni Sparacio, Senior Manager


Edgile, the leading cyber risk and regulatory compliance consulting firm and ServiceNow Elite partner, announced the Q1 2024 release of its Automated Regulatory Compliance (ArC) Content Service for ServiceNow.

Edgile’s award-winning ArC service delivers more than 850 harmonized laws, regulations and industry standards and automatically loads them into ServiceNow IRM.

The Q1 2024 report includes actionable information on mandates and precedents, enabling an up-to-date risk and compliance readiness posture that is proactive instead of reactive. ArC subscribers also receive a quarterly summary of noteworthy regulatory news, risk trends and enforcement activities.

What’s new with ArC in Q1?

Edgile’s harmonized ArC Content Library now contains over 850 laws, regulations and best-practice frameworks! The Q1 2024 content update adds 18 new authoritative sources to the ArC Master Library across Edgile’s three core risk taxonomies—Information Technology Risk Management (ITRM), Operational Risk Management (ORM) and Enterprise Risk Management (ERM) requirements.

Additions to the ArC Master Library for this quarter include:

A series of NIST sources that address standardized approaches to improved organizational security, privacy, and risk management postures, including:

  • NIST Cybersecurity Framework (CSF) 2.0
  • NIST SP 800-66r2 – Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule – A Cybersecurity Resource Guide
  • NIST SP 800-82r3 – Guide to Operational Technology (OT) Security

A source that defines guidelines and risk management considerations for developing advanced and secure artificial intelligence systems including:

  • ISO-IEC 42001-2023 – Information technology —  Artificial intelligence  —  Management system

A state-level source that establishes consumer data privacy rights and duties for data controllers and processors, including:

  • New Hampshire Privacy Act (2023)

set of European frameworks designed to set expectations for banks and provide guidance for crisis management protocols, including:

  • SRB – Expectations for Banks
  • SRB – Operational Guidance on Operational Continuity in Resolution 

set of financial industry regulatory provisions, including:

  • NY – NYDFS – 23 NYCRR 500 – Cybersecurity Requirements for Financial Services Companies (2023)
  • CRI Profile v2.0
  • FRB-FDIC-OCC – Interagency Guidance on Third-Party Relationships: Risk Management

A series of Australian standards aimed at regulating, enforcing, monitoring, and managing data security and risk, including:

  • Australian Prudential Regulation Authority – APRA Prudential Standard CPS 231 – Outsourcing
  • Australian Prudential Regulation Authority – APRA Prudential Standard CPS 232 – Business Continuity Management
  • Australian Prudential Regulation Authority – APRA Prudential Practice Guide CPG 233 – Pandemic Planning
  • Australian Prudential Regulation Authority – APRA Prudential Practice Guide CPG 234 – Information Security
  • Australian Prudential Regulation Authority – APRA Prudential Practice Guide CPG 235 – Managing Data Risk

A source for federal guidance on patient Substance Use Disorder (SUD) confidentiality, including: 

  • 42 CFR Part 2 – Confidentiality of Substance Use Disorder (SUD) Patient Records

A source that provides a set of governance and management objectives to help businesses develop, organize, and implement strategies around information management, including:

  • COBIT 2019 Framework

A source that defines guidance for the creation, viewing, modification, transmission, dissemination, storage, and destruction of CJI, including:

  • USDOJ – FBI – Criminal Justice Information Services (CJIS) Security Policy Version 5.9.3 


Managing regulatory changes with Edgile ArC apps

Included in the ArC Content Service subscription is the Built on Now® Edgile Regulatory Change Management application. The solution provides a closed-loop process to surgically identify necessary changes to policies, standards, and controls across the organization based on new statutes, regulations, and standards. Intelligent automation and sustainment workflows are leveraged to load the desired regulatory content changes into ServiceNow IRM using an easy-to-navigate IT risk management framework. 

The ArC Content Service is maintained by Edgile’s compliance experts in PCI DSS, Sarbanes Oxley, FFIEC, GLBA, FRB Reg A-YY, HIPAA, Privacy, FDA, NERC CIP, and more. ArC monitors federal regulatory amendments and state privacy laws, including state sources for personal information protection, security breaches, data sharing, identity theft, and notification.

ArC subscriptions are available on a paid annual basis for the following 21 verticals: Medical Device Manufacturer, Pharmaceutical Life Sciences, Healthcare Provider, Healthcare Provider + Research, Healthcare Payer, Healthcare Payer + Medicaid, Financial Services – Banking, Financial Services – Banking and Broker/Dealer, Insurance – Property and Casualty, Insurance – Property, Casualty and Life, Casino Gaming, Utilities, Oil and Gas, Manufacturing, Technology, Retail, Government, Media, Transportation, Real Estate, and Privacy.

ServiceNow IRM Quick Start Packages

ArC Content is the backbone of Edgile’s comprehensive ServiceNow IRM Quick Start packages. Quick Starts help clients avoid the costs of integrating content with ServiceNow, and the expense (both time and money) of continuously monitoring, updating and operationalizing regulatory changes.

For details on ArC ServiceNow apps and solutions, or if you want to know if a particular regulation in your industry is covered, please contact Edgile’s Risk and Security team.

Resources

Automated Regulatory Compliance (ArC) for Privacy

Accelerated privacy compliance tracking for ServiceNow IRM The accelerated digital transformation of the economy has exacerbated cybersecurity-related risks and events faced by organizations across the globe. In response to the corresponding uptick in breaches, regulatory bodies and standards publishing houses continue to deliver privacy-focused sources that promote modern safeguarding techniques for sensitive information. Edgile-Automated-Regulatory-Compliance-ArC-for-Privacy

Continue Reading Automated Regulatory Compliance (ArC) for Privacy

Connect with Edgile to get started

For details on how to optimize your risk and security programs, please contact your Edgile representative.