Challenge

Privacy and security incident response is complex for most organizations and especially so for a global hospitality powerhouse that manages sensitive data on thousands of properties across over 100 countries and territories.

Solutions

RadarFirst, to automate the risk assessment of incidents involving disclosures of personal information (PI) against the applicable jurisdictional law and ensure the organization was meeting its notification obligations.

5-Star Global Incident Response Case Management from a Powerful Integration of Best-of-breed Security + Privacy Platforms

The organization’s information security team was responsible for managing both traditional security incidents and those involving privacy. To manage these dual responsibilities, they needed a holistic solution that simplified the identification of critical incidents involving privacy and provided workflow and automation tools to expedite remediation.

With strict notification deadlines and severe penalties for failure to comply with global breach notification regulations, the international organization could not rely on its existing manual processes. It faced potential fines and reputational damage unless it could automate the risk assessment of incidents involving disclosures of personal information (PI) against the applicable jurisdictional law to ensure it was meeting notification obligations.

Security + Privacy Together

ServiceNow and RadarFirst were uniquely positioned to deliver a transformational Security and Privacy Case Management solution leveraging the hospitality company’s existing platform and expertise, enhanced by RadarFirst’s best-of-breed privacy and compliance solution.

ServiceNow Security Incident Response

This solution simplifies the identification of critical incidents and provides workflow and automation tools to speed up remediation.

RadarFirst Privacy Incident Response

This allows any incident tracked in ServiceNow to be seamlessly assessed to determine if it’s a notifiable data breach under the relevant state, federal and international laws. Radar also helps ensure consistency and proof of compliance to meet an organization’s breach notification obligations.

Data from ServiceNow’s Security Orchestration Automation and Response (SOAR) platform that involve the disclosure of personal data are sent into Radar via integration and automatically escalated as prioritized security incidents. The teams then rely on customized workflows based on the organization’s own security playbook to ensure timely remediation, all the while documenting their burden of proof.

Collaboration = Results

The integrated Security and Privacy Case Management System provides greater efficiencies for managing risk associated with both privacy and security incidents.

Utilizing a productized connector that was made available in the ServiceNow app store in 2020, incidents tracked within ServiceNow that contain PI or PHI are routed to Radar for assessment in accordance with both regulatory and contractual notification obligations.

A bi-directional relationship between the two systems allows all key information to be transferred and to remain within the system of choice for auditing and reporting purposes.

Once the privacy or legal stakeholder assesses the incident within Radar, a patented heat-map is generated indicating any notification obligations required under state, federal, or international breach notification laws.

In Summary

By leveraging RadarFirst’s patented Breach Guidance Engine for assessing privacy incidents, the organization will be able to meet the most stringent notification obligations under state, federal, and international breach notification laws, thus reducing the potential for missed deadlines, and the possibility of fines, penalties, and brand damage.

70%

The organization estimated it can close 70% of the privacy-related incident investigations within 48-72 hours, down from weeks at a time.

60-80%

Risk