Edgile Q3 ArC Release for ServiceNow

This week, we released our Q3 update for our award-winning ArC service delivering more than 600 harmonized laws, regulations and industry standards.  The release includes standard industry content updates and a special curated package of content developed for the Rome release of ServiceNow’s new GRC Privacy Management module. 

Edgile Partner Brian Rizman explains it well: “Regulatory environments across all industries are continuing to advance, prompting organizations to develop consistent and sustainable processes to manage regulatory changes or otherwise risk falling out of compliance. Our ArC Content accelerator facilitates the easy identification, addition and removal of mandates, and adds effective capabilities to manage downstream impacts to policies, controls, and processes. Edgile’s ServiceNow IRM implementation methodology, coupled with our ArC Content accelerator, allows us to stand up fully integrated risk management solutions that generate both measurable and actionable risk and compliance insights for clients within a matter of weeks.”

So what’s new with ArC in Q3?

We’ve made some exciting enhancements, including an exclusively curated package of privacy-focused content developed in conjunction with the highly anticipated Rome release of ServiceNow’s new GRC Privacy Management module.

Edgile’s expert team of risk consultants, software developers and lawyers created the Edgile ArC Privacy Content Pack to deliver harmonized laws and regulations along with risk, governance and control-related information as “content” directly to ServiceNow IRM platform instances to support organizational management of complex privacy compliance requirements. The ArC Privacy Pack includes over 300 authority documents for industry-specific privacy laws and 13,000+ verbatim citations that enable traceability to mandate-specific guidance within ServiceNow IRM. Each citation is strategically mapped to Edgile’s taxonomy of ITRM integrated requirements, each composed of a control objective and risk statement for truly integrated risk and compliance management.

In many organizations, risk and compliance postures are presented to the Board of Directors with simple “stop light” indicators of red, amber or green across traditional cybersecurity domains. But this approach lacks context and insight. Using ArC apps, our clients can show both qualitative and quantitative values with the ability to drill down into lower level details as necessary. As described by the Chief Risk Officer of a large financial institution, “this gives the board a clear line of sight into where investments are paying off and where additional work is to be done. And the quantitative view gives the necessary context into ‘how big the bread basket’ is from a risk and remediation perspective, ultimately giving the Board greater comfort that management is focused on the right corrective actions.”

The 2021 Q3 content update adds 27 new authoritative sources to the ArC Master Library across Edgile’s three core risk taxonomies—Information Technology Risk Management (ITRM), Operational Risk Management (ORM) and Enterprise Risk Management (ERM).

This release onboards 12 FedRAMP sources, which address standardized security authorization approaches for organizations seeking to offer validated, secure cloud services to the United States federal government. The new source additions include:

• FedRAMP Security Assessment Framework v2.4
• FedRAMP High Baseline Security Controls
• FedRAMP Moderate Baseline Security Controls
• FedRAMP Low Baseline Security Controls
• FedRAMP Continuous Monitoring Performance Management Guide v2.1
• FedRAMP Continuous Monitoring Strategy Guide v3.2
• FedRAMP Penetration Test Guidance v2.0
• FedRAMP Incident Communications Procedures v4.0
• FedRAMP Vulnerability Scanning Requirements v1.0
• FedRAMP Significant Change Policies and Procedures v1.0
• FedRAMP Vulnerability Scanning Requirements for Containers v1.0
• FedRAMP Agency Guide for Multi-Agency Continuous Monitoring v3.0

In addition, two CIS Benchmarks are being introduced this quarter: CIS Windows 10 Enterprise (Release 1809) Benchmark v1.6.1 and CIS Amazon Web Services Foundations Benchmark v1.2.0. The Q3 release also incorporates a series of new state-specific sources that focus both on the improvement of insurance data security and general cybersecurity/data privacy control, including:

• Wisconsin Insurance Data Security Act
• Minnesota Insurance Data Security Act
• Hawaii Insurance Data Security Law
• Tennessee Insurance Data Security Law
• Iowa Insurance Data Security Act
• North Dakota Insurance Data Security Act
• Maine Insurance Data Security Act
• Colorado Privacy Act
• Connecticut Data Breach Notification Act
• Connecticut Cybersecurity Standards Act

Finally, three regulatory best-practice and guideline sources focused across the Healthcare, Manufacturing and Financial Services industries are in this release, including:

• The Joint Commission – Comprehensive Accreditation Manual for Hospitals 2021
• 22 CFR Chapter I – Subchapter M – International Traffic in Arms Regulations
• The Hong Kong Association of Banks – Secure Tertiary Data Backup (STDB) Guideline Version

Managing regulatory changes with Edgile ArC apps

Included in the ArC Content Service subscription is the Built on Now® Edgile Regulatory Change Management application. The solution provides a closed-loop process to surgically identify necessary changes to policies, standards and controls across the organization based on new statutes, regulations and standards. Intelligent automation and sustainment workflows are leveraged to load the desired regulatory content changes into ServiceNow IRM, using an easy-to-navigate IT risk management framework.

The ArC Content Service is maintained by Edgile’s compliance experts in PCI DSS, Sarbanes Oxley, FFIEC, GLBA, FRB Reg A-YY, HIPAA, Privacy, FDA, NERC CIP, and more. ArC monitors federal regulatory amendments and state privacy laws, including state sources for personal information protection, security breaches, data sharing, identity theft and notification.

ArC subscriptions are available on a paid annual basis for the following 21 verticals: Medical Device Manufacturer, Pharmaceutical Life Sciences, Healthcare Provider, Healthcare Provider + Research, Healthcare Payer, Healthcare Payer + Medicaid, Financial Services – Banking, Financial Services – Banking and Broker/Dealer, Insurance – Property and Casualty, Insurance – Property, Casualty and Life, Casino Gaming, Utilities, Oil and Gas, Manufacturing, Technology, Retail, Government, Media, Transportation, Real Estate, and Privacy.

ServiceNow IRM Quick Start Packages

ArC Content is the backbone of Edgile’s comprehensive ServiceNow IRM Quick Start packages. Quick Starts help clients avoid the costs of integrating content with ServiceNow, and the expense (both time and money) of continuously monitoring, updating and operationalizing regulatory changes.

For details on ArC ServiceNow apps and solutions, or if you want to know if a particular regulation in your industry is covered, please contact Edgile’s Risk and Security team.