Edgile Releases ArC Q4 2022 Update for ServiceNow

By Giovanni Sparacio, Senior Manager

This month, Edgile, the leading cyber risk and regulatory compliance consulting firm and ServiceNow Elite partner, announced the Q4 2022 release of its Automated Regulatory Compliance (ArC) Content Service for ServiceNow.

Edgile’s award-winning ArC service delivers more than 700 harmonized laws, regulations and industry standards and automatically loads them into ServiceNow IRM.

The Q4 2022 report includes actionable information on mandates and precedents, enabling an up-to-date risk and compliance readiness posture that is proactive instead of reactive. ArC subscribers also receive a quarterly summary of noteworthy regulatory news, risk trends and enforcement activities.

What’s new with ArC in Q4?

Edgile’s harmonized ArC Content Library now contains over 700 laws, regulations and best-practice frameworks! The Q4 2022 content update adds 34 new authoritative sources to the ArC Master Library across Edgile’s three core risk taxonomies — Information Technology Risk Management (ITRM), Operational Risk Management (ORM) and Enterprise Risk Management (ERM).

Additions to the ArC Master Library for this quarter include:

A set of State requirements that regulate the handling of biometric data and expand the protection of consumer data, including:

  • Revised Code of Washington – Chapter 19.375 Biometric Identifiers
  • Illinois Biometric Information Privacy Act
  • Texas Business and Commercial Code – Title 11 – Subtitle A – Chapter 503 – Biometric Identifier
  • California Age-Appropriate Design Code Act

A series of directives focused on enhancing travel security standards, including:

  • TSA Security Directive Pipeline-2021-01B – Enhancing Pipeline Cybersecurity
  • TSA Security Directive Pipeline-2021-02C – Pipeline Cybersecurity Mitigation Actions, Contingency Planning, and Testing
  • TSA Security Directive 1580-21-01A – Enhancing Rail Cybersecurity
  • TSA Security Directive 1582-21-01A – Enhancing Public Transportation and Passenger Railroad Cybersecurity
  • TSA Security Directive 1580-82-2022-01 – Rail Cybersecurity Mitigation Actions and Testing

Additional Center for Information Security (CIS) Benchmarks sources, including:

  • CIS Microsoft Windows Server 2022 Benchmark v1.0.0
  • CIS Amazon Web Services Foundations Benchmark v1.5.0
  • CIS Apache Tomcat 9 Benchmark v1.1.0
  • CIS Red Hat Enterprise Linux 8 Benchmark v2.0.0
  • CIS Red Hat Enterprise Linux 7 Benchmark v3.1.1
  • CIS Ubuntu Linux 16.04 LTS Benchmark v2.0.0
  • CIS Microsoft Azure Foundations Benchmark v1.4.0
  • CIS Microsoft Azure Foundations Benchmark v1.5.0

A series of international sources focused on promoting and enforcing cyber security at the government level, including:

  • Australian Cyber Security Centre – Essential Eight Security Model
  • The Australian Privacy Principles
  • New South Wales Cyber Security Policy v5.0
  • Victorian Protective Data Security Standards v2.0
  • Western Australia Government Cyber Security Policy
  • Tasmanian Government Cyber Security Policy v1.1
  • Tasmanian Government Email and Messaging Cybersecurity Standard v1.0
  • Tasmanian Government Identity and Access Cybersecurity Standard v1.0
  • Tasmanian Government Incident Management Cybersecurity Standard v1.0
  • The Agency for a Digital Italy (AGID) – Regulation on Cloud Services for Public Administration (2021)

A set of sources focused on promoting the transparency of reporting investment ownership, payments and grants, including: 

  • Physician Payments Sunshine Act of 2009
  • 42 CFR Part 403 Subpart I – Transparency Reports and Reporting of Physician Ownership or Investment Interests
  • 2 CFR Part 170 – Reporting Subaward and Executive Compensation Information

A catalog of sources focused on improving the information security and trustworthiness of systems, including:

  • NIST SP 800-160 Volume 1 Revision 1 – Engineering Trustworthy Secure Systems
  • ISO/IEC 27001:2022 – Information security, cybersecurity, and privacy protection – Information security management systems – Requirements
  • 12 CFR 30 Appendix B – Interagency Guidelines Establishing Information Security Standards (GLBA)

Managing regulatory changes with Edgile ArC apps

Included in the ArC Content Service subscription is the Built on Now® Edgile Regulatory Change Management application. The solution provides a closed-loop process to surgically identify necessary changes to policies, standards, and controls across the organization based on new statutes, regulations, and standards. Intelligent automation and sustainment workflows are leveraged to load the desired regulatory content changes into ServiceNow IRM using an easy-to-navigate IT risk management framework. 

The ArC Content Service is maintained by Edgile’s compliance experts in PCI DSS, Sarbanes-Oxley, FFIEC, GLBA, FRB Reg A-YY, HIPAA, Privacy, FDA, NERC CIP, and more. ArC monitors federal regulatory amendments and state privacy laws, including state sources for personal information protection, security breaches, data sharing, identity theft, and notification.

ArC subscriptions are available on a paid annual basis for the following 21 verticals: Medical Device Manufacturer, Pharmaceutical Life Sciences, Healthcare Provider, Healthcare Provider + Research, Healthcare Payer, Healthcare Payer + Medicaid, Financial Services – Banking, Financial Services – Banking and Broker/Dealer, Insurance – Property and Casualty, Insurance – Property, Casualty and Life, Casino Gaming, Utilities, Oil and Gas, Manufacturing, Technology, Retail, Government, Media, Transportation, Real Estate, and Privacy.

ServiceNow IRM Quick Start Packages

ArC Content is the backbone of Edgile’s comprehensive ServiceNow IRM Quick Start packages. Quick Starts help clients avoid the costs of integrating content with ServiceNow, and the expense (both time and money) of continuously monitoring, updating and operationalizing regulatory changes.

For details on ArC ServiceNow apps and solutions, or if you want to know if a particular regulation in your industry is covered, please contact Edgile’s Risk and Security team.


Automated Regulatory Compliance (ArC) for Privacy

Accelerated privacy compliance tracking for ServiceNow IRM

The accelerated digital transformation of the economy has exacerbated cybersecurity-related risks and events faced by organizations across the globe. In response to the corresponding uptick in breaches, regulatory bodies and standards publishing houses continue to deliver privacy-focused sources that promote modern safeguarding techniques for sensitive information.


Connect with Edgile to get started

For details on how to optimize your risk and security programs, please contact your Edgile representative.