How one of the world’s largest hotel chains reduced incident response time by 80%
5-Star Global Incident Response Case Management from a Powerful Integration of Best-of-breed Security + Privacy Platforms
Privacy and security incident response is complex for most organizations and especially so for a global hospitality powerhouse that manages sensitive data on thousands of properties across over 100 countries and territories.
The organization’s information security team was responsible for managing both traditional security incidents and those involving privacy. To manage dual responsibilities, they needed a holistic solution that simplified the identification of critical incidents involving privacy and provided workflow and automation tools to expedite remediation.
With strict notification deadlines and severe penalties for failure to comply with global breach notification regulations, the international organization could not rely on its existing manual processes. It faced potential fines and reputational damage unless it could automate the risk assessment of incidents involving disclosures of personal information (PI) against the applicable jurisdictional law to ensure it was meeting its notification obligations.
Security + Privacy Together
ServiceNow and RadarFirst were uniquely positioned to deliver a transformational Security and Privacy Case Management solution leveraging the hospitality company’s existing platform and expertise, enhanced by RadarFirst’s best-of-breed privacy and compliance solution.
ServiceNow Security Incident Response
This solution simplifies the identification of critical incidents and provides workflow and automation tools to speed up remediation.
RadarFirst Privacy Incident Response
This allows any incident tracked in ServiceNow to be seamlessly assessed to determine if it’s a notifiable data breach under the relevant state, federal and international laws. Radar also helps ensure consistency and proof of compliance to meet an organization’s breach notification obligations.
Data from ServiceNow’s Security Orchestration, Automation and Response (SOAR) platform that involve the disclosure of personal data are sent into Radar via integration and automatically escalated as prioritized security incidents. The teams then rely on customized workflows based on the organization’s own security playbook to ensure timely remediation, all the while documenting their burden of proof.
Collaboration = Results
The integrated Security and Privacy Case Management System provides greater efficiencies for managing risk associated with both privacy and security incidents.
Utilizing a productized connector that was made available in the ServiceNow app store in 2020, incidents tracked within ServiceNow that contain PI or PHI are routed to Radar for assessment in accordance with both regulatory and contractual notification obligations.
A bi-directional relationship between the two systems allows all key information to be transferred and to remain within the system of choice for auditing and reporting purposes.
Once the privacy or legal stakeholder assesses the incident within Radar, a patented heat-map is generated indicating any notification obligations required under state, federal, or international breach notification laws.
By leveraging RadarFirst’s patented Breach Guidance Engine for assessing privacy incidents, the organization will be able to meet the most stringent notification obligations under state, federal, and international breach notification laws, thus reducing the potential for missed deadlines, and the possibility of fines, penalties, and brand damage.