Edgile Releases ArC Q2 2022 Update for ServiceNow

By Giovanni Sparacio

Last week, Edgile, the leading cyber risk and regulatory compliance consulting firm and ServiceNow Elite partner, announced the Q2 2022 release of its Automated Regulatory Compliance (ArC) Content Service for ServiceNow.

Edgile’s award-winning ArC service delivers more than 675 harmonized laws, regulations and industry standards and automatically loads them into ServiceNow IRM.

The Q2 2022 report includes actionable information on mandates and precedents, enabling an up-to-date risk and compliance readiness posture that is proactive instead of reactive. ArC subscribers also receive a quarterly summary of noteworthy regulatory news, risk trends and enforcement activities.

“Client feedback has been very positive. Financial services clients for FSI-specific mandates and privacy across all industries are two in particular that are getting tremendous value from the content updates.”


Brian Rizman

Edgile Partner
Connect with Brian

“Clients are very eager to receive our quarterly updates and get new sources on-boarded; we are seeing a 30% increase in requests year-over-year which means the message is getting out.”


Giovanni Sparacio

Edgile ArC Product Manager
Connect with Giovanni

What’s new with ArC in Q2?

Edgile’s harmonized ArC Content Library now contains over 675 laws, regulations and best-practice frameworks! The Q2 2022 content update adds 25 new authoritative sources to the ArC Master Library across Edgile’s three core risk taxonomies—Information Technology Risk Management (ITRM), Operational Risk Management (ORM) and Enterprise Risk Management (ERM) requirements.

Additions to the ArC Master Library for this quarter include:

A family of Federal publications and standards that provide guidance to support improved internal control and risk management practices for Federal programs, systems and information:

  • OMB Circular No. A-123, Management’s Responsibility for Enterprise Risk Management and Internal Control
  • GAO-OCC – Standards for Internal Control in the Federal Government 
  • IRS Publication 1075 (2021)
  • IRS Publication 4812 (2021)

A package of national and international sources that focus on Supply Chain Risk Management elements, including risk identification, assessment, mitigation and reporting:

  • NIST SP 800-161 Rev. 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations
  • German Supply Chain Act (Lieferkettensorgfaltspflichtengesetz – LkSG)
  • Swiss Ordinance on Due Diligence and Transparency in relation to Minerals and Metals from Conflict-Affected Areas and Child Labour (DDTrO)

A series of NIST sources that address standardized approaches to improving organizational security and risk management capabilities, including:

  • NIST SP 800-140C Rev. 1, CMVP Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759
  • NIST SP 800-140D Rev. 1, CMVP Approved Sensitive Parameter Generation and Establishment Methods: CMVP Validation Authority Updates to ISO/IEC 24759
  • NIST FIPS 201-3 – Personal Identity Verification (PIV) of Federal Employees of Contractors

Additional Center for Information Security (CIS) Benchmarks sources, including:

  • CIS Microsoft Windows Server 2012 R2 Benchmark v2.3.0
  • CIS Microsoft Windows Server 2016 RTM (Release 1607) Benchmark v1.2.0
  • CIS Microsoft Windows Server 2019 (Release 1809) Benchmark v1.2.0

A set of Payment Card Industry (PCI) standards that aim to establish and operationalize security measures to protect the integrity of cardholder information, payment transactions, and payment software:

  • Payment Card Industry Data Security Standard (PCI DSS) – Requirements and Testing Procedures – Version 4.0
  • Payment Card Industry (PCI) – Software Security Framework: Secure Software Requirements and Assessment Procedures v1.1 
  • Payment Card Industry (PCI) – Software Security Framework: Secure Software Lifecycle (Secure SLC) Requirements and Assessment Procedures v1.1

A pair of sources that expand consumer privacy and personal information security requirements at the state level:

  • Utah Consumer Privacy Act
  • Connecticut Consumer Privacy Act

Two sources that focus on the protection of critical infrastructure entities and financial systems, plus related reporting requirements to government authorities:

  • Cyber Incident Reporting for Critical Infrastructure Act of 2022 
  • Bank Secrecy Act Regulations (31 CFR Chapter X)

Managing regulatory changes with Edgile ArC apps

Included in the ArC Content Service subscription is the Built on Now® Edgile Regulatory Change Management application. The solution provides a closed-loop process to surgically identify necessary changes to policies, standards, and controls across the organization based on new statutes, regulations, and standards. Intelligent automation and sustainment workflows are leveraged to load the desired regulatory content changes into ServiceNow IRM using an easy-to-navigate IT risk management framework. 

The ArC Content Service is maintained by Edgile’s compliance experts in PCI DSS, Sarbanes Oxley, FFIEC, GLBA, FRB Reg A-YY, HIPAA, Privacy, FDA, NERC CIP, and more. ArC monitors federal regulatory amendments and state privacy laws, including state sources for personal information protection, security breaches, data sharing, identity theft, and notification.

ArC subscriptions are available on a paid annual basis for the following 21 verticals: Medical Device Manufacturer, Pharmaceutical Life Sciences, Healthcare Provider, Healthcare Provider + Research, Healthcare Payer, Healthcare Payer + Medicaid, Financial Services – Banking, Financial Services – Banking and Broker/Dealer, Insurance – Property and Casualty, Insurance – Property, Casualty and Life, Casino Gaming, Utilities, Oil and Gas, Manufacturing, Technology, Retail, Government, Media, Transportation, Real Estate, and Privacy.

ServiceNow IRM Quick Start Packages

ArC Content is the backbone of Edgile’s comprehensive ServiceNow IRM Quick Start packages. Quick Starts help clients avoid the costs of integrating content with ServiceNow, and the expense (both time and money) of continuously monitoring, updating and operationalizing regulatory changes.

For details on ArC ServiceNow apps and solutions, or if you want to know if a particular regulation in your industry is covered, please contact Edgile’s Risk and Security team.


Automated Regulatory Compliance (ArC) for Privacy

Accelerated privacy compliance tracking for ServiceNow IRM The accelerated digital transformation of the economy has exacerbated cybersecurity-related risks and events faced by organizations across the globe. In response to the corresponding uptick in breaches, regulatory bodies and standards publishing houses continue to deliver privacy-focused sources that promote modern safeguarding techniques for sensitive information. Edgile-Automated-Regulatory-Compliance-ArC-for-Privacy

Continue Reading Automated Regulatory Compliance (ArC) for Privacy

Connect with Edgile to get started

For details on how to optimize your risk and security programs, please contact your Edgile representative.