A Fortune 50 insurance company with millions of members and a strong culture of compliance was struggling to ensure that its employees were complying with the privacy regulations that protect sensitive customer data. To manage this massive workload, the company’s privacy team needed an incident response solution that could provide consistent, up-to-date regulatory analysis and guidance, save time, and be scalable.
When it came time to choose a solution to manage the heavy workload, the Fortune 50 insurance company considered three options:
After a review, the company realized its existing in-house database didn’t adequately support its goal of consolidating multiple workflows from disparate systems. In addition, the privacy team didn’t have the budget or authority to adapt the database to meet its efficiency and sustainability goals. The legacy GRC system lacked the functionality for managing the regulatory complexities of incident response, including up-to-date, built-in state and federal laws, as well as guidance to help decide if an incident should be reported or not.
The privacy team had a much different response with RADAR, software specifically built for incident response. It was quick, easy to use, and had a “look and feel” the privacy team liked. RADAR had HIPAA and state laws built-in, plus it enabled the team to do on-the-spot incident assessments. After a comprehensive analysis of the three options, the compliance officer also recommended RADAR. It was the only solution that could meet all of the company’s specific immediate and long-term needs.
With hundreds of security and privacy incidents to identify, manage, and report, companies are choosing RADAR for a reliable incident response management solution.
The company’s risk assessments used to be, as one privacy official put it, “painfully slow.” The team would have to access multiple shared drives to get answers and then consolidate documentation. With RADAR, the privacy team no longer spends time and money monitoring and analyzing breach laws. RADAR automatically does the assessment, and consolidates and updates all the federal regulations and state laws.
RADAR is a huge time saver...All the federal regulations and state laws are in one place and kept up-to-date by RADAR. In the past, our incident risk assessments were painfully slow.
- Privacy Executive
RADAR has streamlined the overall incident response process for the company. As soon as an incident is discovered, it is entered right into RADAR. The privacy team also uses RADAR as a tracking system, in which team members can attach e-mails and documents relating to a particular incident. Overall, the software has significantly reduced input hours, provided more accurate incident data and helped automate incident risk assessments so the team can make consistent decisions.
RADAR allows the privacy team to evaluate incidents with the same risk factors every time. This consistency—along with RADAR’s reporting capability—provides insight into the actual volume and types of incidents that occur. This insight is possible because the privacy team can use RADAR to analyze the incident workload and increase its capacity to respond to those incidents. Using RADAR has been an eye opener for the company, given the greater visibility into the number of incidents by department location and corporate entity.
The company is retooling its incident escalation and management process to streamline its response to security as well as privacy incidents. To accomplish this, the RADAR team is building functionality that enables integration of RADAR with the insurer’s GRC system, which the audit and security teams use. Now privacy and security will be able to report incidents and collaborate so the company can more completely identify and analyze incident trends and root causes—and thus reduce risks to sensitive customer data across the enterprise.
The company has said that working with RADAR is “like a dream,” and appreciates how the RADAR team willingly collaborates on workflow design changes, as well as new features and modules. The company also appreciates that these changes happen quickly. As one privacy official said, “I can’t say enough good things. We like that you take our ideas into consideration and respond so quickly.”