Edgile Releases ArC Q2 2024 Update for ServiceNow

By Jansen Kachel, Senior Manager


Edgile, a Wipro company, announced the Q2 2024 release of its Automated Regulatory Compliance (ArC) Content Service for ServiceNow.

Edgile’s award-winning ArC service delivers more than 850 harmonized laws, regulations and industry standards and automatically loads them into ServiceNow IRM.

The Q2 2024 report includes actionable information on mandates and precedents, enabling an up-to-date risk and compliance readiness posture that is proactive instead of reactive. ArC subscribers also receive a quarterly summary of noteworthy regulatory news, risk trends and enforcement activities.

What’s new with ArC in Q2?

Edgile’s harmonized ArC Content Library now contains over 850 laws, regulations and best-practice frameworks! The Q2 2024 content update adds 28 new authoritative sources to the ArC Master Library across Edgile’s three core risk taxonomies—Information Technology Risk Management (ITRM), Operational Risk Management (ORM) and Enterprise Risk Management (ERM) requirements.

Additions to the ArC Master Library for this quarter include:

A series of sources that address the governance of fundamental rights, safety, and ethical principles for artificial intelligence models, including:

  • European Union Artificial Intelligence Act (EU AI Act)
  • OWASP – LLM AI Cybersecurity & Governance Checklist v1.0
  • Singapore Model AI Governance Framework 2nd Ed 
  • Office of Management and Budget (OMB) – Memorandum M-24-10 – Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence
  • NSA: Joint Guidance on Deploying AI Systems Securely

A series of sources that define critical aspects of risk management for aviation safety within the European Union, including:

  • EU Aviation Safety Agency (EASA) – Commission Implementing Regulation 2024-1109 (Certification, oversight and enforcement of the continuing airworthiness of certified unmanned aircraft systems)
  • EU Aviation Safety Agency (EASA) – Commission Implementing Regulation 2023-1769 (Production of air traffic management/air navigation services systems)
  • EU Aviation Safety Agency (EASA) – Commission Implementing Regulation 2023-203 (Information Security Risk Management)
  • EU Aviation Safety Agency (EASA) – Commission Delegated Regulation 2022-1645 (Information Security Risk Management)

A source that provides guidance for cybersecurity programs of nuclear power reactors, including:

  • U.S. Nuclear Regulatory Commission – Regulatory Guide 5.71 Revision 1 – Cyber Security Programs for Nuclear Power Reactors 

A series of TSA Security Directives that collectively address critical aspects of transportation cybersecurity, including:

  • TSA Security Directive 1580-82-2022-01A – Rail Cybersecurity Mitigation Actions and Testing
  • TSA Security Directive 1582-21-01B – Enhancing Public Transportation and Passenger Railroad Cybersecurity
  • TSA Security Directive 1580-21-01B – Enhancing Rail Cybersecurity
  • TSA Security Directive Pipeline-2021-02D – Pipeline Cybersecurity Mitigation Actions, Contingency Planning, and Testing
  • TSA Security Directive Pipeline-2021-01D – Enhancing Pipeline Cybersecurity

A set of NIST sources that provide guidance for evaluating security requirements related to Controlled Unclassified Information (CUI), including:

  • NIST SP 800-171A Rev. 3 – Assessing Security Requirements for Controlled Unclassified Information
  • NIST SP 800-171 Rev. 3 – Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

A source that provides high-level provisions for securing consumer Internet of Things (IoT) devices, including:

  • European Telecommunications Standards Institute (ETSI) EN 303 645 V2.1.1 – Cyber Security for Consumer Internet of Things: Baseline Requirements

A series of sources that establish a regulatory framework and security standards for UK consumer connectable products, including:

  • UK Product Security and Telecommunications Infrastructure Regulations (2023)
  • UK Product Security and Telecommunications Infrastructure Act 2022 – Part 1
  • UK National Cyber Security Centre (NCSC) – Cloud Security Principles
  • UK National Cyber Security Centre (NCSC) – Cyber Assessment Framework v3.2

A source that provides standards for sound prudential regulation and supervision of banks and banking systems, including:

  • Basel Committee: Core principles for effective banking supervision (2024)

A source that clarifies definitions, breach criteria, and sources of PHR identifiable health information, including:

  • FTC – Health Breach Notification Rule (2024)

A source that provides telecommunications carriers guidance to notify law enforcement of breaches involving their customers’ Customer Proprietary Network Information (CPNI):

  • FCC – 47 CFR Part 64 – Privacy of Customer Information (Notification of Security Breaches)

A source that outlines the risk management framework for Australian organizations to protect systems and data from cyber threats:

  • Australian Cyber Security Centre (ACSC) – Information Security Manual (March 2024)

A pair of state-level sources that address consumer data privacy rights and duties, including:

  • Nebraska Data Privacy Act
  • Kentucky Consumer Data Privacy Act


Managing regulatory changes with Edgile ArC apps

Included in the ArC Content Service subscription is the Edgile Regulatory Change Management application. The solution provides a closed-loop process to surgically identify necessary changes to policies, standards, and controls across the organization based on new statutes, regulations, and standards. Intelligent automation and sustainment workflows are leveraged to load the desired regulatory content changes into ServiceNow IRM using an easy-to-navigate IT risk management framework.

The ArC Content Service is maintained by Edgile’s compliance experts in PCI DSS, Sarbanes-Oxley, FFIEC, GLBA, FRB Reg A-YY, HIPAA, Privacy, FDA, NERC CIP, and more. ArC monitors federal regulatory amendments and state privacy laws, including state sources for personal information protection, security breaches, data sharing, identity theft, and notification.

ArC subscriptions are available on a paid annual basis for the following 21 verticals: Medical Device Manufacturer, Pharmaceutical Life Sciences, Healthcare Provider, Healthcare Provider + Research, Healthcare Payer, Healthcare Payer + Medicaid, Financial Services – Banking, Financial Services – Banking and Broker/Dealer, Insurance – Property and Casualty, Insurance – Property, Casualty and Life, Casino Gaming, Utilities, Oil and Gas, Manufacturing, Technology, Retail, Government, Media, Transportation, Real Estate, and Privacy.

ServiceNow IRM Quick Start Packages

ArC Content is the backbone of Edgile’s comprehensive ServiceNow IRM Quick Start packages. Quick Starts help clients avoid the costs of integrating content with ServiceNow, and the expense (both time and money) of continuously monitoring, updating and operationalizing regulatory changes.

For details on ArC ServiceNow apps and solutions, or if you want to know if a particular regulation in your industry is covered, please contact Edgile’s Risk and Security team.

