How one of the world’s largest hotel chains reduced incident response time by 80%

Download as a PDF

< Return to Case Studies

 

5-Star Global Incident Response Case Management from a Powerful Integration of Best-of-breed Security + Privacy Platforms

Privacy and Security Incident response is complex for most organizations and especially so for a global hospitality powerhouse that manages sensitive data on thousands of properties across over 100 countries and territories.

The organization’s information security team was responsible for managing both traditional security incidents as well as those involving privacy. To manage dual responsibilities, they needed a holistic solution that simplified the identification of critical incidents involving privacy and provided workflow and automation tools to expedite remediation.

With strict notification deadlines and severe penalties for failure to comply with global breach notification regulations, the international organization could not rely on their existing manual processes and faced potential fines and reputational damage if they were unable to automate the ability to risk assess incidents involving disclosures of personal information (PI) against the applicable jurisdictional law to ensure they were meeting notification obligations.

The integration of Radar Privacy Incident Response and ServiceNow Security Incident Response provided a compelling solution to their needs.

Security + Privacy Together

ServiceNow and RadarFirst were uniquely positioned to deliver a transformational Security and Privacy Case Management solution leveraging the hospitality company’s existing platform and expertise, enhanced by RadarFirst’s best-of-breed privacy and compliance solution.

ServiceNow’s Security Incident Response solution simplifies the identification of critical incidents and provides workflow and automation tools to speed up remediation.

RadarFirst’s Privacy Incident Response allows any incident tracked in ServiceNow to be seamlessly assessed to determine if
it’s a notifiable data breach under the relevant state, federal and international laws. Radar also helps ensure consistency and proof of compliance to meet an organization’s breach notification obligations.

Data from ServiceNow’s Security Orchestration Automation and Response (SOAR) platform that involves the disclosure of personal data are sent into Radar via integration and automatically escalated as prioritized security incidents. The teams then rely on customized workflows based on the organization’s own security playbook to ensure timely remediation, all the while documenting their burden of proof.

RadarFirst quotation mark

Utilizing a productized connector that was made available in the ServiceNow app store in 2020, incidents tracked within ServiceNow that contain PI or PHI are routed to Radar for assessment in accordance with both regulatory and contractual notification obligations.

servicenow radarfirst

Collaboration = Results

The integrated Security and Privacy Case Management System provides greater efficiencies for managing risk associated with both privacy and security incidents.

Utilizing a productized connector that was made available in the ServiceNow app store in 2020, incidents tracked within ServiceNow that contain PI or PHI are routed to Radar for assessment in accordance with both regulatory and contractual notification obligations.

A bi-directional relationship between the two systems allows the transfer of all key information to remain within the system of choice for auditing and reporting purposes.

Once the privacy or legal stakeholder assesses the incident within Radar, a patented heat-map is generated indicating any notification obligations required under state, federal, or international breach notification laws – including any associated 3rd party obligations should the organization act as a processor of data on behalf of its clients.

  • By partnering with ServiceNow and RadarFirst, the organization estimated it can close 70% of the privacy- related incident investigations within 48-72 hours (Down from what had previously been taking weeks to accomplish)
  • Organization believes through automation and orchestration using ServiceNow’s Security Incident Response it can drive down the time it takes to respond to its lower-tier security-related incidents/investigations from 60-80%
  • Leveraging RadarFirst’s patented Breach Guidance Engine™ for assessing privacy incidents, the organization believes it can meet the most stringent notification obligations under state, federal, and international breach notification laws – thus reducing the potential for missed deadlines, and the possibility of fines, penalties, and brand/reputational damage.

Interested in learning more? Get in touch