Challenge
A major financial institution with lines of business in banking, healthcare, and insurance services had an inefficient internal system for responding to data privacy and security incidents.
Solutions
After implementation, the company’s security team ran Radar® Privacy in parallel to the old system, but quickly became convinced that Radar® Privacy provided consistent, accurate incident risk assessments more efficiently. Radar® Privacy helped the company better demonstrate its burden of proof with all the comprehensive reports and documentation stored in the software’s easily accessible repository.
A Fortune 150 Financial Company Selects Radar® Privacy
A major financial institution with lines of business in banking, healthcare, and insurance services had an inefficient internal system for responding to data privacy and security incidents.
The security team needed a more flexible solution that kept them up to date on complex state and federal laws while offering a consistent platform for performing incident risk assessments. The team required in-depth guidance and workflow that would ensure its incident response process was in compliance with the latest regulations.
Solution Requirements
With tens of thousands of employees and multiple lines of business, the company had a rigorous set of requirements. The security team needed a solution that would:
-> Offer breach guidance based on correct interpretation of the latest state and federal laws.
-> Provide a consistent, accurate method for incident risk assessment.
-> Be flexible to meet the company’s unique needs, such as single sign-on for faster reporting of incidents and support for the Gramm-Leach-Bliley Act (GLBA).
-> Help demonstrate burden of proof for state Attorneys General, and other regulators and auditors.
-> Be highly secure.
Evaluation of Options
The company issued a request for proposal (RFP), and Radar® Privacy was evaluated against three other solutions: a prominent GRC platform, the organization’s internal systems, and another independent software provider. The security team quickly eliminated the GRC platform, because of the 18 months it would take to implement and because of its lack of flexibility. The team also decided to eliminate the hassle of keeping its internal systems up to date with the constantly changing state laws.
Only RadarFirst and the other software provider remained. The security team ran its own scenarios through both systems and found that Radar® Privacy provided the in-depth regulatory guidance it needed. The other software had the regulations, but minimal guidance and interpretation for deciding if an incident was a reportable breach.
Implementation
For the first few months, the company’s security team ran Radar® Privacy in parallel to the old system, but quickly became convinced that Radar® Privacy provided consistent, accurate incident risk assessments more efficiently. In addition, Radar® Privacy helped the company better demonstrate its burden of proof with all the comprehensive reports and documentation stored in the software’s easily accessible repository.
The Radar® Privacy business unit was launched in three months. The software’s agility allowed Radar® Privacy to quickly meet client requirements, such as integrating with the employee authentication service to enable single sign-on. Now, the many thousands of employees across the enterprise can report and escalate an incident with easy-to-use web forms.
Radar® Privacy’s functionality also allows different groups of users to perform an incident risk assessment, based on the nature of the incident, such as whether or not it included paper or electronic records.
Why Radar® Privacy?
At the end of the day, the company chose Radar® Privacy because it is purpose-built software for managing incident response. It is not an afterthought to a GRC platform or privacy and compliance software. It eliminates the cost and hassle of building and maintaining an internal system. Most importantly, its Breach Guidance Engine™ provides the industry’s most thorough regulatory guidance for incident assessment and recommendations for a compliant response.
In summary, Radar® Privacy helped transform this Fortune 150 company’s incident response processes with:
-> Breach Guidance Engine™: Guides the security and privacy teams through the process of incident reporting, assessment, notification, and response in compliance with the latest state and federal laws.
-> Multi-factor, multi-jurisdiction platform allows for the complexity and unique nature of incidents.
-> Consistent and accurate method for managing incident response, especially incident risk assessment.
-> Comprehensive reporting and documentation stored in a central repository to help the company meet its burden of proof.
-> Flexibility to add features, such as single sign-on and support for multiple lines of business with the addition of the Gramm-Leach-Bliley Act (GLBA).
-> Highly secure to protect large volumes of regulated data. Radar® Privacy operates in a secure, cloud-based environment.
-> Operational approach to incident response, which provides greater insight into incident causes and trends, to help the company better manage breach risks.