Edgile Releases ArC Q2 2023 Update for ServiceNow

By Giovanni Sparacio, Senior Manager

Edgile, the leading cyber risk and regulatory compliance consulting firm and ServiceNow Elite partner, announced the Q2 2023 release of its Automated Regulatory Compliance (ArC) Content Service for ServiceNow.

Edgile’s award-winning ArC service delivers more than 775 harmonized laws, regulations and industry standards and automatically loads them into ServiceNow IRM.

The Q2 2023 report includes actionable information on mandates and precedents, enabling an up-to-date risk and compliance readiness posture that is proactive instead of reactive. ArC subscribers also receive a quarterly summary of noteworthy regulatory news, risk trends and enforcement activities.

What’s new with ArC in Q2?

Edgile’s harmonized ArC Content Library now contains over 775 laws, regulations, and best-practice frameworks! The Q2 2023 content update adds 20 new authoritative sources to the ArC Master Library across Edgile’s three core risk taxonomies for Information Technology Risk Management (ITRM), Operational Risk Management (ORM) and Enterprise Risk Management (ERM).

Additions to the ArC Master Library for this quarter include:

A set of sources that expands privacy, data sensitivity, and related information security requirements, including:

  • California Privacy Protection Agency (CPPA) – California Consumer Privacy Act Regulations
  • Colorado Privacy Act Rules
  • Indiana Consumer Data Protection Act
  • Iowa Consumer Data Protection Act
  • Tennessee Information Protection Act
  • China Data Security Law (DSL)
  • EU – ePrivacy Directive

A series of sources that define requirements for implementing and maintaining electronically secure industrial automation and control systems (IACS), including:

  • IEC Standard 62443-3-1:2009 IACS Network and System Security
  • IEC Standard 62443-4-2:2019 IACS Technical Security Requirements
  • IEC Standard 62443-2-3:2015 IACS Patch Management

A pair of health care-focused sources that overview leading cybersecurity practices for small, medium, and large health care organizations, including:

  • HHS-PHE-405d – Technical Volume 1: Cybersecurity Practices for Small Health Care Organizations (2023) 
  • HHS-PHE-405d – Technical Volume 2: Cybersecurity Practices for Medium and Large Health Care Organizations (2023) 

A group of international sources that outline standards for implementing information security management systems and programs, including:

  • United Kingdom – NCSC – Cyber Essentials: Requirements for IT infrastructure v3.1
  • United Kingdom – NCSC – Cyber Essentials Plus: Illustrative Test Specification v3.1
  • Germany – BSI Standard 200-1
  • Saudi Arabian Monetary Authority (SAMA) Cyber Security Framework
  • Saudi Aramco SACS-002 Third Party Cybersecurity Standard

A set of sources focused on covered contractor information security requirements, information security system self-assessment, and BES cyber system control, including:

  • USA – DFARS 252.204-7012 Regulation – Cybersecurity Maturity Model Certification (CMMC)
  • Trusted Information Security Assessment Exchange (TISAX) VDS ISA v5.1
  • NERC CIP-003-9 – Cyber Security – Security Management Controls

Managing regulatory changes with Edgile ArC apps

Included in the ArC Content Service subscription is the Built on Now® Edgile Regulatory Change Management application. The solution provides a closed-loop process to surgically identify necessary changes to policies, standards, and controls across the organization based on new statutes, regulations, and standards. Intelligent automation and sustainment workflows are leveraged to load the desired regulatory content changes into ServiceNow IRM using an easy-to-navigate IT risk management framework. 

The ArC Content Service is maintained by Edgile’s compliance experts in PCI DSS, Sarbanes Oxley, FFIEC, GLBA, FRB Reg A-YY, HIPAA, Privacy, FDA, NERC CIP, and more. ArC monitors federal regulatory amendments and state privacy laws, including state sources for personal information protection, security breaches, data sharing, identity theft, and notification.

ArC subscriptions are available on a paid annual basis for the following 21 verticals: Medical Device Manufacturer, Pharmaceutical Life Sciences, Healthcare Provider, Healthcare Provider + Research, Healthcare Payer, Healthcare Payer + Medicaid, Financial Services – Banking, Financial Services – Banking and Broker/Dealer, Insurance – Property and Casualty, Insurance – Property, Casualty and Life, Casino Gaming, Utilities, Oil and Gas, Manufacturing, Technology, Retail, Government, Media, Transportation, Real Estate, and Privacy.

ServiceNow IRM Quick Start Packages

ArC Content is the backbone of Edgile’s comprehensive ServiceNow IRM Quick Start packages. Quick Starts help clients avoid the costs of integrating content with ServiceNow, and the expense (both time and money) of continuously monitoring, updating and operationalizing regulatory changes.

For details on ArC ServiceNow apps and solutions, or if you want to know if a particular regulation in your industry is covered, please contact Edgile’s Risk and Security team.


Automated Regulatory Compliance (ArC) for Privacy

Accelerated privacy compliance tracking for ServiceNow IRM

The accelerated digital transformation of the economy has exacerbated cybersecurity-related risks and events faced by organizations across the globe. In response to the corresponding uptick in breaches, regulatory bodies and standards publishing houses continue to deliver privacy-focused sources that promote modern safeguarding techniques for sensitive information.


Connect with Edgile to get started

For details on how to optimize your risk and security programs, please contact your Edgile representative.