Fortune 500 enterprises today are engulfed in a tidal wave of digital changes, which in turn creates hurdles for IT, legal, privacy, compliance, information security, and the business. Even worse, these companies are having to deal with multiple forms of digital change simultaneously, mostly increasing cloud adoption, but also increasingly mobile, IoT, robotic process automation, and advanced AI efforts.
Employees, partners, and customers are increasingly trying to communicate digitally, which would be a wonderful advancement, were it not for those pesky GRC efforts. By its very definition, digital transformation creates more risk and jeopardizes compliance. That is why enterprises today critically need trusted risk and compliance partners to manage the digital risk. But compliance is hardly a static situation. It is a mix of often-contradictory, and constantly changing, rules from state, federal, global and industry-specific compliance and regulatory requirements, including PCI, SOX, NIST, NY DFS, FFIEC, HIPAA and a myriad of state privacy mandates. That’s where Edgile comes in.
Edgile is a leader in building IRM/GRC programs for highly-regulated companies, both large and small. A big advantage of the company’s approach is that it allows tailoring environments to the enterprise’s needs while avoiding true customization that can create problems down the road.
For almost two decades, Edgile has helped Fortune 500 companies deal with risk and compliance issues by tackling the intersection of the four areas where enterprise GRC efforts generally fail. These areas consist of the constantly-changing global compliance landscape; the evolving threat technology landscape; mismatches in roles and responsibilities between the enterprise and its vendors (e.g., SaaS, IaaS) and the related nuances of cloud security compliance; and the almost-limitless configuration and related product options being offered by the major GRC vendors.
An Organization of GRC Implications
Enterprises today face an avalanche of GRC choices. How to migrate to an earlier platform? What configuration choices make the best sense for that company, given its size, geography and vertical? What are the GRC implications as the enterprise moves more and more deeply into the cloud? For that matter, those answers change depending on which cloud provider is being leveraged. What GRC tool to implement? Which implementation partner? Then there are the complexities that happen with every business unit sale and especially every acquisition, with new software licenses and homegrown legacy apps forced into the enterprise technology equation.
The experienced Edgile team members have an average of more than ten years of experience in a wide range of GRC programs, from functional to technical engineering. This is rare and difficult to find because other companies tend to focus on just one of these areas, such as solely dealing with security or just compliance. But without factoring in all of these considerations (the enterprise’s current and future operations, current and future compliance changes, partners’ new or changed capabilities, and changes in the enterprise’s operating environment, such as new cyberthief tactics), it’s impossible to truly help an enterprise with its complex and ongoing GRC efforts.
Edgile’s experience in delivering this comprehensive and holistic strategy has allowed it to create a precise methodology that allows enterprise executives to understand their GRC environment and to deal with it at their own chosen pace. Indeed, this methodology doesn’t simply make efforts easier for IT, Security, Compliance, Auditing, and other traditional GRC operating units, but it also helps articulate to the CEO, CFO, and board members that their security dollars are being used shrewdly.
Life Made Easier by Managing Risk
Edgile’s expertise extends beyond its 16 industry verticals, delving deeply into managing the risk of an enterprise’s entire digital transformation. The cloud itself, for example, is typically far more nuanced and complicated than most executives assume because of hybrid cloud environments, where the company is neither fully in the cloud nor fully on-prem but is doing both – to varying degrees as it slowly transitions to an eventual all-cloud environment. That painstakingly slow process must be managed delicately, as those changes can have non-obvious impacts on both risk and compliance. And as enterprises shift more of their resources, data, tools, and other applications to the cloud, the number of elements that are suddenly – and sometimes invisibly – beyond their control soars.
Another critical area for Edgile is regulatory change management. Although it starts with a team of compliance experts who track global, federal, state, municipal, and industry laws, regulations and other requirements every day, the most powerful element is applying those changes – and the anticipated near-term compliance changes – to the specifics of each enterprise. How does it impact that company’s policies and operations? What are the best changes to both improve compliance and reduce risk? That’s what Edgile delivers.
Approach and Advantage
Edgile has seen a rapid rise in organizations making the IRM/GRC move to ServiceNow. This isn’t surprising as:
- ServiceNow is a Gartner Magic Quadrant Leader in the GRC space.
- ServiceNow is the authoritative source for much of what needs to be managed via GRC, so having native access without API integration is a huge benefit.
- The ServiceNow platform enables synergies across the three lines of defense.
- ServiceNow offers the first real opportunity to achieve continuous monitoring & automate early warnings via KPI/KRI sustainably and cost effectively.
Unique Client Risk Programs
What’s unique about Edgile is its focus on building client risk programs, using its proven 5-pass methodology and the automated access it provides to the rapidly changing regulatory environment. Edgile’s ArC, Automated Regulatory Compliance Managed Content Service, has a team that tracks more than 500 state, federal, global & industry-specific compliance and regulatory requirements every day. Edgile’s ArC, coupled with its Regulatory Change Management Solution, allows the company to help clients pinpoint the control and policy changes necessary to achieve compliance.
Critically, Edgile works closely with Fortune 500 executives to understand not only where they operate today but also where they expect to be in 6-18 months and where they are heading strategically in the long term. The team then collaborates with both technology and business leaders to frame a roadmap.
Better Services with ServiceNow
One enterprise that both Edgile and ServiceNow have helped is Banner Health, which owns 20 hospitals across six states. “Taking all of those materials and shifting it into a platform allowed us to maintain data, to see the audit trails of who did what when we just continued referencing it while putting that data continuously in the customers’ hands,” said Banner Health IS Governance Director Greg Liebergen. He also says, “I don’t believe that we did any customization at all. It’s taking the ServiceNow tool and using its out-of-box capabilities, the workflows, the different aspects of the module that exist and configuring them so that they use the language that we use internally the terminology. It was a big thing for us not to have to use customization, just to make it overall easier to use the tool on a day-to-day basis. But also, when the time came for platform upgrades, that we’re not struggling, trying to take our unique items and fit them into ServiceNow’s upgraded platform to provide more capabilities.” Another advantage of not having to customize the coding is that it makes it so much easier to share information. “When our auditors come and ask for specific information around our IT general controls, we can point them into ServiceNow rather than having to send them Zip files or give them access to SharePoint that would require them to then have VPN access, etc.,” Liebergen said.
Committed and Determined Leader
A professional leader with a wealth of experience has the ability to understand how businesses operate and, by applying positive enthusiasm, to motivate teams into producing results. Don Elledge, the CEO, is one such committed and determined leader, who founded Edgile in 2001. Don holds an undergraduate degree in finance from the University of Texas, and an MBA from the University of Washington with a focus on economics. Prior to founding Edgile, Don was a partner at Deloitte, where he established a national security practice focused on e-business security. He also spent four years in New York working at First Boston in the financial industry. He advises clients on security and risk issues posed by the rapidly changing technology environment, and his forward-thinking view has positioned the company as a trusted, strategic partner. Don is responsible for growing the company into a leading security and risk services organization serving Fortune 500 companies.