| | December 201919CIOReviewUnlocking New Opportunities with ServiceNowCombining the extensive IRM/GRC domain experience and technical deployment of many of the existing, leading IRM platforms, both ServiceNow and 2MC see this partnership as a unique opportunity. Unlike other consultants who typically partner with ServiceNow in the ITSM world, 2MC has carved a niche for itself by solely focusing on the implementation of GRC around ServiceNow's new tool--The Now PlatformTM. This latest offering from ServiceNow accelerates the digitization of manual business processes by enabling rapidly building, testing, and deployment applications that automate work across the enterprise. The platform is used by nearly 800 of the Forbes Global 2000 companies to accelerate their digital transformation initiatives. "While ServiceNow has ventured into the world of integrated risk management with a set of new tools, we are guiding both ServiceNow and the customers to successfully implement GRC into the product and also derive immense value by linking the GRC elements of the tool into some of the other areas of their business. That's the sweet spot where we work with ServiceNow," says Foster-Westgarth.He goes on to mention that ServiceNow's capability to expand its footprint in the GRC market perfectly complements 2MC's domain and technology expertise, making their partnership an ideal collaboration. "As most companies are quite immature when it comes to GRC, we aim to use ServiceNow's massive footprint to improve the education around GRC."The Modus OperandiTo begin with, 2MC brings in a unique combination of its engineering expertise and GRC experience to the table. From process alignment and tool streamlining to custom training and installations, 2MC implements all aspects of GRC and also creates custom solutions for requirements that fall outside of the typical GRC areas. The company's complementary and independent advisory services encompass process improvement, business adoption, legislation/regulation, GRC best practice, and cyber-security. On the path to manage risks, many companies that partner with ServiceNow are developers first and consultants second. However, 2MC differentiates itself by focusing on configuration rather than development. Despite ServiceNow being a flexible tool, 2MC simplifies the processes and wraps them around the tool rather than overly engineering the tool. Instead of exhibiting purely a developer mindset, the experts at 2MC take a consultative approach to meet the client's needs.In essence, the company's modus operandi involves having a firm grasp of the requirements of the customers. To maximize customer success, 2MC believes in encouraging the client to be actively engaged throughout the entire process, which, in turn, deepens its understanding of the project's objectives and the expected results.Working closely with the clients, the company takes an educational approach to ensure users become acquainted with the tools. Before making a plethora of changes, the 2MC experts perform a meticulous process analysis to assess and understand the client's data, simplify and improve their GRC processes and provide a seamless GRC ecosystem. This is followed by walking the clients through design, build, prototyping, and implementation phase, allowing the tools to evolve as per their requirements. In the test phase, the 2MC team allows the clients to test the tool, evaluate if the system works as expected and ensures that the users are comfortable with how the tool works, before transitioning to the "go-live" phase. Foster-Westgarth emphasizes the need for a customer-centric implementation process that keeps the clients engaged and up-to-date about the progress throughout the process--from beginning to end.From the data security perspective, while enabling digital transformation for its clients, 2MC, as part of the wider TÜV Rheinland Group, guides how to address security concerns amongst its tool implementations in addition to the wider security concerns of modern business, including the Internet of Things (IoT). 2MCequips clients with robust risk management, vulnerability testing, penetration testing and more, keeping GRC as the foundation for cybersecurity. "One cannot understand how to secure something without having a true reflection of the risk it holds for the organization. GRC is a foundational element for digital transformation," explains O'Nion.2MC's expertise and efficiency in GRC implementation can be best explained through a customer success story that involved a large company operating in the PCI space. Despite being one of the biggest players in this space, the client, who leverages ServiceNow, was burdened with the predicament of following the PCI standards and effectively achieving compliance. The challenge for the client stemmed from generating 15 different reports for all of their components that were PCI applicable. The client lacked well-thought processes and tools in place to manage these reports, which led them to pay millions of pounds in fines every year for not adhering to the standard. This is where 2MC stepped in to link ServiceNow with the CMDB information that the client had within their environment. The information was automatically pulled together within the compliance area of the GRC architecture, which helped to determine levels of compliance with the standard. As a result, the client was able to demonstrate their compliance status using their ServiceNow instance and dramatically decrease the significant amount of fines this year.Scripting similar success stories for its clients, 2MC will continue leveraging its experience to bring to bear on risk management and ServiceNow. Moving ahead, 2MC is focused on helping ServiceNow expand and develop the tool in the operational technology space. Unlike other consulting companies that often wax eloquent about their focus on the "customer", and claiming global best practices, 2MC makes a difference with its winning delivery methodology that strives to service any request locally. Besides aggressive expansion plans in the UK market, the company also looks forward to taping into and growing the TÜV Rheinland Group further in the GRC and cybersecurity sectors in Germany and the US, fitting into an exciting niche in both of those markets.
< Page 9 | Page 11 >