A major financial institution with lines of business in banking, healthcare, and insurance services had an inefficient internal system for responding to data privacy and security incidents.
After implementation, the company’s security team ran RadarFirst in parallel to the old system, but quickly became convinced that RadarFirst provided consistent, accurate incident risk assessments more efficiently. RadarFirst helped the company better demonstrate its burden of proof with all the comprehensive reports and documentation stored in the software’s easily accessible repository.
A Fortune 150 Financial Company Selects RadarFirst®
A major financial institution with lines of business in banking, healthcare, and insurance services had an
inefficient internal system for responding to data privacy and security incidents.
The security team needed a more flexible solution that kept them up to date on complex state and federal laws while offering a consistent platform for performing incident risk assessments. The team required in-depth guidance and workflow that would ensure its incident response process was in compliance with the latest regulations.
With tens of thousands of employees and multiple lines of business, the company had a rigorous set of requirements. The security team needed a solution that would:
-> Offer breach guidance based on correct interpretation of the latest state and federal laws.
-> Provide a consistent, accurate method for incident risk assessment.
-> Be flexible to meet the company’s unique needs, such as single sign-on for faster reporting of incidents and support for the Gramm-Leach-Bliley Act (GLBA).
-> Help demonstrate burden of proof for state Attorneys General, and other regulators and auditors.
-> Be highly secure.
Evaluation of Options
The company issued a request for proposal (RFP), and RadarFirst was evaluated against three other solutions: a prominent GRC platform, the organization’s internal systems, and another independent software provider. The security team quickly eliminated the GRC platform, because of the 18 months it would take to implement and because of its lack of flexibility. The team also decided to eliminate the hassle of keeping its internal systems up to date with the constantly changing state laws.
Only RadarFirst and the other software provider remained. The security team ran its own scenarios through both systems and found that RadarFirst provided the in-depth regulatory guidance it needed. The other software had the regulations, but minimal guidance and interpretation for deciding if an incident was a reportable breach.
For the first few months, the company’s security team ran RadarFirst in parallel to the old system, but quickly became convinced that RadarFirst provided consistent, accurate incident risk assessments more efficiently. In addition, RadarFirst helped the company better demonstrate its burden of proof with all the comprehensive reports and documentation stored in the software’s easily accessible repository.
The RadarFirst business unit was launched in three months. The software’s agility allowed RadarFirst to quickly meet client requirements, such as integrating with the employee authentication service to enable single sign-on. Now, the many thousands of employees across the enterprise can report and escalate an incident with easy-to-use web forms.
RadarFirst’s functionality also allows different groups of users to perform an incident risk assessment, based on the nature of the incident, such as whether or not it included paper or electronic records.
At the end of the day, the company chose RadarFirst because it is purpose-built software for managing incident response. It is not an afterthought to a GRC platform or privacy and compliance software. It eliminates the cost and hassle of building and maintaining an internal system. Most importantly, its Breach Guidance Engine provides the industry’s most thorough regulatory guidance for incident assessment and recommendations for a compliant response.
In summary, RadarFirst helped transform this Fortune 150 company’s incident response processes with:
-> Breach Guidance Engine: Guides the security and privacy teams through the process of incident reporting, assessment, notification, and response in compliance with the latest state and federal laws.
-> Multi-factor, multi-jurisdiction platform allows for the complexity and unique nature of incidents.
-> Consistency and accurate method for managing incident response, especially incident risk assessment.
-> Comprehensive reporting and documentation stored in a central repository to help the company meet its burden of proof.
-> Flexibility to add features, such as single sign-on and support for multiple lines of business with the addition of Gramm Leach–Bliley Act (GLBA).
-> Highly secure to protect large volumes of regulated data. RadarFirst operates in a secure, cloud-based environment.
-> Operational approach to incident response, which provides greater insight into incident causes and trends, to help the company better manage breach risks.