Edgile Releases ArC Q4 2023 Update for ServiceNow

By Giovanni Sparacio, Senior Manager

Edgile, the leading cyber risk and regulatory compliance consulting firm and ServiceNow Elite partner, announced the Q4 2023 release of its Automated Regulatory Compliance (ArC) Content Service for ServiceNow.

Edgile’s award-winning ArC service delivers more than 875 harmonized laws, regulations and industry standards and automatically loads them into ServiceNow IRM.

The Q4 2023 report includes actionable information on mandates and precedents, enabling an up-to-date risk and compliance readiness posture that is proactive instead of reactive. ArC subscribers also receive a quarterly summary of noteworthy regulatory news, risk trends and enforcement activities.

What’s new with ArC in Q4?

Edgile’s harmonized ArC Content Library now contains over 875 sources, laws, regulations and best-practice frameworks! The Q4 2023 content update adds 37 new authoritative sources to the ArC Master Library across Edgile’s three core risk taxonomies—Information Technology Risk Management (ITRM), Operational Risk Management (ORM) and Enterprise Risk Management (ERM) requirements.

Additions to the ArC Master Library for this quarter include:

A series of sources that define guidelines and risk management considerations for developing advanced and secure artificial intelligence systems including:

  • NIST Artificial Intelligence Risk Management Framework (AI RMF) Playbook
  • CISA-NCSC – Guidelines for secure AI system development
  • Hiroshima Process International Guiding Principles for Organizations Developing Advanced AI Systems
  • Hiroshima Process International Code of Conduct for Organizations Developing Advanced AI Systems

A set of international and state-level sources that establish consumer data privacy rights and duties for data controllers and processors, including:

  • South Korea – Personal Information Protection Act
  • Japan – Act on the Protection of Personal Information
  • Indonesia – Electronic Information and Transactions Law
  • Delaware – Personal Data Privacy Act (PDPA)
  • Saudi Arabia – Regulation on Personal Data Transfer Outside the Kingdom
  • Saudi Arabia – The Implementing Regulation of the Personal Data Protection Law
  • Saudi Arabia – Personal Data Protection Law (PDPL)
  • Illinois – Insurance Data Security Law
  • Pennsylvania – Insurance Data Security Act
  • California Delete Act – CA Civil Code – Title 1.81.48

A set of NIST sources that address standardized approaches to improved organizational security, privacy, and risk management postures, including:

  • NIST SP 800-140D Rev 2
  • NIST SP 800-140C Rev 2

A set of international frameworks designed to help organizations protect their information systems and data from cyber threats, including:

  • USA – Cybersecurity Enhancement Act
  • United Kingdom – HMG Security Policy Framework (SPF)
  • Luxembourg – Circular CSSF 22/806 – Outsourcing arrangements
  • Germany – Federal Data Protection Act (BDSG)

A set of financial industry regulatory provisions, including:

  • CRI Profile v1.2.1
  • FDIC Rules – 12 CFR – Part 364
  • FRB – SR 20-3 – Interagency Statement on Pandemic Planning
  • FRB – SR 17-14 – Interagency Supervisory Examiner Guidance for Institutions Affected by a Major Disaster
  • OCC/FRB/FDIC – Principles for Climate-Related Financial Risk Management for Large Financial Institutions
  • 16 CFR Part 314 – Standards for Safeguarding Customer Information (FTC Safeguards Rule – 2023)
  • Bank Service Company Act

A group of sources detailing different levels of security controls related to contracting with the Federal Government and State of Texas:

  • FedRAMP System Security Plan (SSP) Appendix A: High FedRAMP Security Controls
  • FedRAMP System Security Plan (SSP) Appendix A: Moderate FedRAMP Security Controls
  • FedRAMP System Security Plan (SSP) Appendix A: Low FedRAMP Security Controls
  • TX-RAMP Control Baselines 2.0 – Level 1
  • TX-RAMP Control Baselines 2.0 – Level 2

A pair of Australian standards aimed at regulating, enforcing, monitoring and managing data security and risk, including:

  • Australian Prudential Regulation Authority – APRA Prudential Standard CPS 220 Risk Management
  • ACSC – Essential Eight Security Model (11-23)

A source for federal guidance on medical devices that overviews cybersecurity practices, including:

  • FDA Guidance: Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions

A pair of sources that define minimum security criteria for US imports and exports through the Customs-Trade Partnership Against Terrorism (CTPAT), including:

  • USCBP-CTPAT – Minimum Security Criteria – US Importers
  • USCBP-CTPAT – Minimum Security Criteria – US Exporters 

Managing regulatory changes with Edgile ArC apps

Included in the ArC Content Service subscription is the Built on Now® Edgile Regulatory Change Management application. The solution provides a closed-loop process to surgically identify necessary changes to policies, standards, and controls across the organization based on new statutes, regulations, and standards. Intelligent automation and sustainment workflows are leveraged to load the desired regulatory content changes into ServiceNow IRM using an easy-to-navigate IT risk management framework. 

The ArC Content Service is maintained by Edgile’s compliance experts in PCI DSS, Sarbanes-Oxley, FFIEC, GLBA, FRB Reg A-YY, HIPAA, Privacy, FDA, NERC CIP, and more. ArC monitors federal regulatory amendments and state privacy laws, including state sources for personal information protection, security breaches, data sharing, identity theft, and notification.

ArC subscriptions are available on a paid annual basis for the following 21 verticals: Medical Device Manufacturer, Pharmaceutical Life Sciences, Healthcare Provider, Healthcare Provider + Research, Healthcare Payer, Healthcare Payer + Medicaid, Financial Services – Banking, Financial Services – Banking and Broker/Dealer, Insurance – Property and Casualty, Insurance – Property, Casualty and Life, Casino Gaming, Utilities, Oil and Gas, Manufacturing, Technology, Retail, Government, Media, Transportation, Real Estate, and Privacy.

ServiceNow IRM Quick Start Packages

ArC Content is the backbone of Edgile’s comprehensive ServiceNow IRM Quick Start packages. Quick Starts help clients avoid the costs of integrating content with ServiceNow, and the expense (both time and money) of continuously monitoring, updating and operationalizing regulatory changes.

For details on ArC ServiceNow apps and solutions, or if you want to know if a particular regulation in your industry is covered, please contact Edgile’s Risk and Security team.


Automated Regulatory Compliance (ArC) for Privacy

Accelerated privacy compliance tracking for ServiceNow IRM

The accelerated digital transformation of the economy has exacerbated cybersecurity-related risks and events faced by organizations across the globe. In response to the corresponding uptick in breaches, regulatory bodies and standards publishing houses continue to deliver privacy-focused sources that promote modern safeguarding techniques for sensitive information.


Connect with Edgile to get started

For details on how to optimize your risk and security programs, please contact your Edgile representative.