As we start a new year, it’s a good time to reflect on all the accomplishments and strategic initiatives the Division of the Chief Information Officer (CIO) has put into place and the teams dedicated to bringing these priorities to fruition.
One project that has made an immense amount of positive change to customer experiences and processes, receiving countless well-deserved kudos, has been the Information Security Office-Governance, Risk, and Compliance (ISO–GRC) team’s consulting practice.
When a customer has a need, there are a couple critical factors that need to be considered; transparency and ease for the customer, and a better, more streamlined process for the team providing support. With enhancements brought on by the ISO-GRC team, their consulting practice have accomplished these needs, making for a great customer experience.
The ISO-GRC consulting practice was formally established in late 2019, using JIRA and an integrated Microsoft Form for customers to submit their request. The management of requests was manual, but well organized to support the ISO-GRCs cross-functional team structure. Then, in 2021 ServiceNow was launched as the platform for UITS Service Delivery Experience. Unfortunately, the out-of-box structure of ServiceNow was not ideal for the way the ISO-GRC team works in supporting their customers. They needed a way to utilize ServiceNow to support the federated risk management strategy they have employed since 2018. This means having multiple team members helping a customer and having access to the stream of historical information was necessary for efficiency.
Wendy Epley, Principal Analyst in the ISO-GRC, has been heavily involved in the consulting practice evolution from the beginning and has seen the impact of the changes.
“We needed a more fluid way to manage our consultations. The standard structure of ServiceNow provides management for a single action. What we need is a way to move a ticket in between the phases that a consultation may go through,” stated Epley. “Having the ability to put a request on pause and add multiple tasks to a single ticket is essential in managing our consultation requests. These features provide the historical information that are critical for the ISO-GRC to help our constituents in a holistic manner. Additionally, these enhancements within ServiceNow allow our customers to have the visual access in monitoring how their request was being managed.”
When a customer makes a request to the ISO-GRC, it is often a multi-step process that requires engagement with the customer and possibly other stakeholders within or external to the GRC. The process is multifaceted and requires evolution with the standard ticketing process used by UITS to make the ISO-GRC consulting practice as streamlined and sophisticated as possible.
“We take the information and collate it from each of our customer touchpoints. We analyze those touchpoints along with the historical data so that we can provide a thorough recommendation that is tailored to each customer’s unique mission and needs,” stated Epley. “Through this process, what is achieved is a comprehensive customer care strategy because each Unit and individual we work with is unique and often their needs are comprehensive.”
To help the ISO-GRC team achieve its strategy for customer care, the ServiceNow team had to design these enhancements within the ServiceNow platform. With the aid of Wendy Epley and their ServiceNow application developer, the ISO-GRC team is now able to provide a more robust consultation process that enhances the customer experience. The enhancements made are only available to the ISO-GRC team within the ServiceNow platform. However, if the ISO-GRC needs to involve another Unit in the consultation, they can be easily added with a new Task assignment and the other Unit will benefit from these enhancements by having insight into the historical information.
The ISO-GRC assists Units in making risk-informed decisions related to information security. They provide a variety of consultation services which include, but are not limited to, understanding ISO governance, information security reviews in contracts, risk management, risk mitigation assistance, and information security compliance. Consultation requests to the ISO-GRC can be submitted through the ServiceNow catalog by clicking the “Information Security Office Governance, Risk, and Compliance Requests” card in the Security section.