A major financial institution with lines of business in banking, healthcare, and insurance services had an inefficient internal system for responding to data privacy and security incidents.
The security team needed a more flexible solution that kept them up to date on complex state and federal laws while offering a consistent platform for performing incident risk assessments. The team required in-depth guidance and a workflow that would ensure its incident response process complied with the latest regulations.
With tens of thousands of employees and multiple lines of business, the company had a rigorous set of requirements. The security team needed a solution that would:
The company issued a request for proposal (RFP), and RADAR was evaluated against three other solutions: a prominent GRC platform, the organization’s internal systems, and another independent software provider. The security team quickly eliminated the GRC platform because of the 18 months it would take to implement and its lack of flexibility. The team also ruled out its internal systems, to eliminate the hassle of keeping them up to date with the constantly changing state laws.
Only RADAR and the other software provider remained. The security team ran its own scenarios through both systems, and found that RADAR provided the in-depth regulatory guidance it needed. The other software had the regulations, but minimal guidance and interpretation for deciding if an incident was a reportable breach.
RADAR operationalizes your incident response management process by applying automation and best practices to privacy and security incident intake, risk assessment, breach decisioning, and notification.
For the first few months, the company’s security team ran RADAR in parallel with the old system, but quickly became convinced that RADAR provided consistent, accurate incident risk assessments more efficiently. In addition, RADAR helped the company better meet its burden of proof with the comprehensive reports and documentation stored in the software’s easily accessible repository.
The RADAR business unit was launched in three months. The software’s agility allowed RADAR to quickly meet client requirements, such as integrating with the employee authentication service to enable single sign-on. Now, the many thousands of employees across the enterprise can report and escalate an incident with easy-to-use web forms.
RADAR’s functionality also allows different groups of users to perform an incident risk assessment based on the nature of the incident, such as whether it involved paper or electronic records.
At the end of the day, the company chose RADAR because it is purpose-built software for managing incident response. It is not an afterthought to a GRC platform or privacy and compliance software. It eliminates the cost and hassle of building and maintaining an internal system. Most importantly, its Breach Guidance Engine provides the industry’s most thorough regulatory guidance for incident assessment and recommendations for a compliant response.
In summary, RADAR helped transform this Fortune 150 company’s incident response processes with: