Privacy requirements capture and management – a ServiceNow solution case study

A Risktec client required a solution to provide a central repository to record Standard Privacy Requirements (SPRs) and to map these requirements to their programme's designed controls. The solution was also required to enable the management of these controls.

Risk and compliance challenges

The client’s privacy programme aims to ensure privacy controls are enhanced and embedded into the risk management framework. This allows stakeholders to identify, manage and monitor the controls needed to manage their privacy risk. This is a new concept within the client organisation, and there was no existing tool to support and govern the process.

  • A single company-wide tool with consistent workflow and processes
  • A central repository of Standard Privacy Requirements, mapped to the programme’s designed controls
  • Integration with the client’s single source of controls, enabling comprehensive control assurance and compliance
  • Data held in the repository is available, up-to-date and structured to assist with the core Privacy Impact Assessment process
  • Real-time reporting and dashboards
  • Automatic alerts to the management team when privacy requirements change
  • Scalability as process matures to cater to wider functionality, such as privacy requirements attestations
  • Ability to associate privacy controls to regulatory sources, helping to provide a comprehensive bank-wide compliance view
  • Identification of control failures and respective issues and remediation management

Impact

This ServiceNow solution delivers against one of the core aims of the programme: to implement ‘Privacy by Design and Default’ controls within the client’s processes. The new intuitive, consistent process allows for the capture, workflow and reporting of privacy requirements and associated privacy controls. It also provides real-time reporting for privacy officers and internal audit, enabling them to make informed, accurate and timely decisions.

Client quote

The ServiceNow solution has provided the bank with a real-time, user-friendly and flexible repository for storing and maintaining our privacy controls and requirements, assisting with our compliance assessment process. It was fantastic to see delivery within such tight timeframes, and collectively we made a great team.