A Platform Approach to Simplifying RMF

While the joint BOE/FCA paper specifically addresses the financial sector, it offers lessons that impact businesses in every industry and how an organisation manages its response to operational disruptions, is critical to maintaining confidence in the business services it provides and its wider industry partners. ​

This panel session features industry leaders responsible and accountable for operational resilience including guests from HSBC, Zurich Insurance, BNP Paribas and Euroclear. It is moderated by Anna Mazzone, the Head of ServiceNow’s Risk Business Unit.

As a result of the pandemic, financial services institutions rely more than ever on their IT infrastructure to provide services to employees and customers.

In this session, David Vorih, CIO at Siemens Financial Services discusses:
- How to mitigate the accompanying risks of digital transformation
- The steps needed to establish an IT-resilient organization
- What role can or should regulation play in that context?

Together with Norman Nehls from Severn Consultancy, a firm specialized in regulatory and change projects, David discusses his expectations for the European Commission’s upcoming DORA (Digital Operational Resilience Act) and how it could help his organization improve operations, in financial services as well as across the entire Siemens group.

Before Covid-19 had an unprecedented impact on global financial services, UK regulators were focusing on improving operational resilience. The themes of preparing for, avoiding and recovering from unforeseen events and the need to manage the complexity that this entails through a coherent services-driven data set was seen as being critical to control.

Keith Pearson is joined by Simon Cox, Technology Resilience, Engineering, & Service Transformation Director at Lloyds Banking Group to discuss:

- Best practices and benefits of implementing a scalable, sustainable and continuously improving operational resilience programme
- The importance of having data and technology at the heart of its strategy

The UK is often considered to be forward thinking in identifying risk exposures associated with the adoption of new technology. They have called on the industry to consider, plan and anticipate the potential impact and harm to customers, regulated firms. Along with the wider financial system of failures in their important business services, the systems that support them and the role of the third party and market infrastructure providers.​

In this session, we'll discuss:

- The implications of the proposed requirements from the Operational resilience regulation and how the industry is responding
- The bank’s expectations for minimising disruption to regulated firms and the wider financial system
- The importance in managing technological change
- How much more needs to be done for financial services organisations and how much is enough?

Hannah Gurga, Chief of Staff and Managing Director for Digital, Technology & Cyber, UK Finance leads the conversation with Nick Strange, Senior Technical Specialist, Operational Risk & Resilience, Bank of England.

Cybersecurity risk is front and center in the minds of IT professionals and Executives. As businesses struggle to adapt to a remote workforce and rapid digital transformation, forcing greater cloud adoption, cybersecurity concerns are heightened. The big question is, how do you effectively manage cybersecurity risk in uncertain times, hybrid cloud environments, and complex or highly regulated organizations? Frameworks like NIST and ISO provide a baseline, but you’ll need an integrated platform and a new paradigm.

Join us to learn:
- Best practices for planning and implementing cybersecurity measures
- How to connect IT, security, vendors, and the business to continuously monitor risk and compliance - How to improve risk-based decision making, even in the cloud

During uncertain times, you want to ensure you’re building resilience for your critical business operations. Preparing now can help your organization mitigate risk and recover faster from disruptive events.

Join us as we discuss the lessons learned from COVID-19 and how your organization can help improve its business continuity, crisis response, and return-to-work strategies. Using real-world examples, we’ll explore how you can:

-Assess and prioritize your most critical business processes.
-Review your dependencies, likely risks, and potential impacts.
-Build your business continuity and disaster recovery programs, so you’re empowered for a faster, more efficient recovery.

Privacy and security risks drive many board and audit conversations. However, the ability to effectively communicate these risks is one of the greatest challenges executives face.

Join Andrew Wheatley our ServiceNow VP of Audit, Risk, and Compliance, Mark Cockerill our VP of Legal, and Ben Du Bont our CISO to discuss:
- How a modern approach is essential to enabling the individual experts to effectively communicate risks to the board
- Best practices to prepare for these important meetings
- How using a common language, processes, controls, and issues management across the company can make the message simple and consistent

The Covid-19 pandemic has had a profound effect on almost every aspect of our life: how we work, how we travel, how we shop and how we interact with our friends and families. Even more jarring is that this change happened in a matter of weeks or months, and we still face a great deal of uncertainty.

During this time the CISO is witnessing their career evolving before their very eyes, with two words dominating their new career paths: resiliency and agility. Although there has already been a seismic shift in the way many businesses operate the tectonic plates have not finished moving. Quite how or even when the ground will settle for the long-term is not entirely clear. What is clear, however, is that the CISO needs to both keep the business safe and be prepared and flexible enough to support the new reality.

Today’s CISO needs to be empowered to deal with their historical technical and process debt, the reality of the situation today, and the business of the future. Register for this webinar and join us to discuss the top 3 areas today’s CISO needs to be focusing on.

As we inch toward the end of 2020, one overwhelming takeaway is the need to plan and execute risk management at a different pace - in real time. Business continuity, customer retention, workforce productivity -- these pillars of business success depend on effective operational risk management across the entire organization.

Join this keynote to learn how to achieve true resilience by overcoming risk silos and embedding risk and compliance processes into daily work.

Today’s business environment is characterized by interconnectedness – from the dependences of global markets to interdependent networks of suppliers, partners, and global digitalization. According to Forrester, systemic risk is based upon external events or a system that breaks down and impacts an entire industry or market. In the wake of a global pandemic the repercussions of systemic risks are getting a lot more focus.

Do you have the systems and tools in place to recognize interconnected data, organizational processes, and service experience chains so you can prepare for, respond to and even mitigate systemic risks? Discover how Forrester defines systemic risk and how ServiceNow and EY help you get ahead of service risk management.

Presenters:
Alla Valente, Analyst, Security and Risk at Forrester
Sean Culbert, Principal Financial Services at EY
Michael Murphy, Global Solution Senior Director, Financial Services & Compliance at ServiceNow

When something doesn’t work properly, we have the tendency to simply buy another one. But what happens when your business continuity plan isn’t working? Unfortunately, you can’t just buy another one. It might seem impossible to plan for such a large disruption like COVID-19, but with Cask’s proven approach, you’ll learn how to create an effective plan of action to keep your organization on its feet.
Our approach takes into account industry best practices as well as industry standards as ISO 22301:2019 & ISO 22313:2020 as well as the most current and relevant approaches to threat mitigation.

Land ahead of the competition by:
• Learning our agile approach to disaster recovery
• Pivoting your recovery from survival to thriving
• Creating a higher degree of stability for your organization
• Creating a real-world plan to deal with threats including the impact of COVID-19

Not All Business Continuity Plans are Created Equal
So what are you supposed to do if you can’t just go buy another BCP? Learn how to strengthen your current plan and make sure it is effective and efficient for your organization.

Trust But Verify. No matter how much you trust your third-party vendors, it’s essential to verify they have adequate safeguards in place to protect the data they process on your behalf, especially if that data contains Personal information (PI) about your customers.

U.S. and International privacy laws are unforgiving when it comes to PI, often holding organizations accountable for data breaches caused by or occurring in their vendor ecosystem. Last year, nearly 50% of data breaches involving PI were caused by vendors.

In this on-demand webinar recording, the Covestic and ServiceNow GRC team will highlight how to leverage your investment in ServiceNow to assess, monitor and mitigate privacy risks in your vendor ecosystem.

This webinar will cover:

• Privacy risks introduced by third-party vendors
• Privacy laws mandating vendor risk management
• Best practices for overseeing vendor data processing
• Monitoring and mitigating vendor risk in ServiceNow
• Live demo: Assessing Vendor Risk in ServiceNow

Presenters:
Mike DeAndrea, GRC Practitioner and Advisory Solution Architect, Covestic
Eric Smith, Solutions Consultant, Covestic
Teresa Law, Risk Product Marketing Director, ServiceNow

Join Edgile, an Elite ServiceNow partner as they discuss the importance of building resilience into your supply chain and demonstrates how the Vendor Risk and GRC solutions can be implemented to show quick success. Walk through a demonstration of how Vendor Risk can be used to assess third-party vulnerabilities, the SolarWinds breach is used as an example, in addition to dashboards that can anticipate disruption to the supply chain.

Brian Rizman, Partner, Edgile
Teresa Law, Risk Product Marketing Director, ServiceNow

Serenity EHS, a Premier Built On NOW ServiceNow partner, will showcase their ServiceNow certified EHS Compliance Assurance Solution. This new solution helps organizations simplify their EHS regulatory landscape, automate compliance audits, and integrate EHS into their enterprise risk program with ServiceNows GRC applications.

Kris Markham, co-founder of Serenity EHS will discuss:

• The challenges of managing EHS compliance in multinational organizations
• How the Serenity EHS Compliance Assurance solution helps EHS leadership and facility managers identify applicable regulations and automate site inspections and audits
• How ServiceNow enables organizations to integrate EHS into their Enterprise Risk Program with ServiceNow GRC

Kris Markham, Founder, Serenity EHS
Teresa Law, Risk Product Marketing Director, ServiceNow

The biggest challenge many companies in highly-regulated markets face is understanding how to manage GRC/IRM in a way that doesn’t require significant effort to achieve value and truly integrates risk and compliance as a foundation. Join experts from Edgile and ServiceNow for a webinar that will present case studies illustrating the three different stages of the GRC/IRM integration journey. Each segment will include demonstrations explaining how we help companies start a GRC program or move to the next level in their program.

• Crawl Segment: We share our clients’ successes in building a solid foundation of truly integrated risk and compliance using ServiceNow IRM and the Edgile Automated Regulatory Compliance (ArC) Content.
• Walk Segment: Highlights techniques to rapidly accelerate dynamic assessments and control testing capabilities, addressing both design and operating effectiveness.
• Run Segment: Showcases book-end innovations in assurance with the upstream Decision Engine Solution and the downstream Evidence Warehouse.

Learn how to quickly and consistently rate confidentiality, integrity and availability coupled with a close-loop process of consultation and fulfillment tasks. Explore the process, workflow, guidance and secure containers to help your organization “Assess Once, Test Once, and Satisfy Many” with ‘Evidence Boxes’ assigned to control owners and recurring collection schedules, materially reducing the ‘audit fatigue’ many organizations face when supporting external audits like SOX, PCI and HIPAA to name a few.

Presenters:
Cliff Harris, GRC Specialist at ServiceNow
William Mathies, Technical Director at Edgile
Jay Dial, Senior Manager at Edgile

Operational resilience has long been top of mind for Risk and Security experts in Financial Services. An organization’s ability to effectively respond to, recover from and learn from business disruptions across people, technology, suppliers and facilities is essential - not just for short term success and security but future growth and stability. Join KPMG partner, Andrew Husband, and members of the KPMG team, to learn how to outline your resilience roadmap specific to Financial Services organizations. Topics will cover leading practices in strategy and operating model design, the importance of a data-driven approach to service resilience and the technology required to deliver a scalable and sustainable approach to resilience.

Presenters:
Andrew Husband, Partner, Operational Transformation at KPMG UK
Ashley Harris, Director, Financial Services at KPMG UK, Operational Resilience Lead
Neevash Khanna, Director Management Consulting at KPMG UK

Successfully achieving operational resilience requires detailed understanding of operational risks that can result in disruption to important business services. In this session, Manoj Kulwal will present how the RiskSpotlight OpRisk Library app can facilitate ServiceNow GRC users to develop a comprehensive library of operational risks aligned with industry best practices. He will share guidance on operational risks that are relevant for achieving operational resilience.