Health Check Empowers SaaS Provider to Better Leverage GRC Applications and Processes

A leading Software-as-a-Service (SaaS) solution provider helps thousands of customers worldwide address domestic and international payments, efficient cash management, payment processing, bill review, fraud detection, behavioral analytics, and regulatory compliance. Founded in 1989, the company serves customers in the banking, financial services, insurance, healthcare, technology, retail, communications, education, media, manufacturing, and government industries across the United States, the United Kingdom, Continental Europe, and Asia-Pacific.

The Challenge

In 2016, this SaaS solution provider set out to replace its existing GRC systems, because costly customization would be needed to satisfy evolving risk and audit program requirements with these tools. At the same time, the company was looking to improve automation of its vendor risk management function. After rigorous evaluation, leadership selected the ProcessUnity platform for Vendor Risk Management, Compliance Management, Incident Management, and Regulatory Compliance Management. The ProcessUnity platform offered greater flexibility in vendor outreach and total configurability for fine-tuning the applications to fit specific program needs — without the need for endless professional services engagements.

The company immediately put its ProcessUnity solutions to work, automating its Vendor Risk Management and GRC processes. In 2018, two years after deploying the ProcessUnity platform, the firm’s director of IT risk, governance and compliance, thought it would be a good idea to evaluate his team’s use of the system, see where they could make improvements, and map a path forward.

“We wanted to identify opportunities for further efficiency gains and to develop a roadmap for taking advantage of more functionality within the platform,” explained the director. “Plus, it was time to look at expanding our use of ProcessUnity to support a more sophisticated risk assessment process instead of just housing our risk register and findings.”

The Solution

In April 2018, the customer signed up for ProcessUnity’s Health Check program. During this 30-day engagement, a ProcessUnity product expert guided the customer’s participants, including an information technology risk analyst and members of the application security and security operations teams, through a proven methodology to identify and implement changes aimed at enhancing the value of their GRC implementation.

The Health Check program started with an online discovery workshop to review the customer’s current implementation and discuss short- and long-term GRC program goals. Based on information gathered during the workshop, the ProcessUnity product expert developed a plan for the onsite workshop, highlighting three key areas of focus:

• Automate and improve the existing vendor risk process, which still relied heavily on email and manual, Excel-based workflows
• Expand GRC functionality in areas such as organizational hierarchy, risk register, controls, and issues
• Improve data tracking and reporting, including automated import of application vulnerabilities from multiple sources

“I was looking to drive efficiency by minimizing the number of clicks required to do our work,” the director added. “We were still relying on manual processes that I knew our ProcessUnity solution had the ability to automate. I wanted to get us to a point where we were spending less time manipulating data and sending emails, and more time focusing on risk and compliance.”

The ProcessUnity product expert traveled to the customer’s corporate headquarters for the onsite workshop. Initial onsite time with the team centered around training them to leverage untapped functionality for immediate efficiency gains. They spent two days collaborating to achieve quick wins and prepare for longer-term improvements.

Their activities included:

• Introducing new buttons to reduce multi-step tasks down to a single click
• Laying the groundwork for implementing the vendor profile function
• Configuring a central risk assessment questionnaire that could be easily filtered for each vendor
• Delving into chart and dashboard capabilities to simplify reporting to stakeholders
• Exploring options for loading vulnerability testing data into ProcessUnity
• Discussing best practice for adding new users across the company to increase engagement and reduce reliance on manual processes and email

Following the onsite workshop, the ProcessUnity product expert compiled and delivered a Health Check report with a detailed summary of the actions taken as well as recommended steps that the customer’s team could take to continue tuning — on their own or with the help of Professional Services. All participants met virtually for a debrief workshop, where they reviewed the Health Check report and addressed any outstanding questions.

The Results

The Health Check engagement provided valuable one-on-one time with a ProcessUnity technical and domain expert to focus on the customer’s specific configuration, train users in leveraging more functionality within the applications, and identify ways to mature GRC processes through automation.

“Our ProcessUnity product expert was well prepared and extremely knowledgeable about both the ProcessUnity software and GRC best practices,” concluded the director. “He shared innovative ideas and showed us practical steps we could take within the applications to achieve our goals in the most efficient manner possible.”

The Health Check not only provided a prioritized roadmap of recommendations for future process improvements, but it offered training and enablement to help the customer strengthen its vendor risk management and other GRC programs.