thanks for joining this Tech bite on reducing risk during a pandemic I'm an Enterprise solution consultant for service now focusing on our security and Risk Solutions I'm a senior advisory solution architect in the risk practice at service now many organizations were not prepared for the onset of covid-19 as a result most have been struggling to reduce their Enterprise level risks related to the pandemic whether it is cyber risk where organizations need to mitigate the risk of a reach in a time where covid related fishing attacks are on the rise HR risk where HR teams need to mitigate onboarding health safety and facility risk compliance risk where compliance teams need to mitigate regulatory risks from us or International regulations or infrastructure risk where organizations need to mitigate the risk of business continuity related disruptions service now provides a single platform that can truly manage risk across the organization we do the by providing real-time visibility into organizational risk posture through the use of continuous risk monitoring one of our many differentiators today we will walk through a live demonstration of reducing infrastructure risk during a pandemic leveraging the breadth in the depth of service now's V portfolio we will start with the crisis management portal this portal is a One-Stop shop for the crisis management team that can help them make quick decisions it brings together and consolidates data that that is normally managed in either a multitude of siloed applications or in Word documents or spreadsheets this portal is specifically focused it on a pandemic use case but keep in mind the service now platform is entirely flexible and this could be tailored to accommodate any crisis scenario we are logged into the portal as the crisis manager Scott Hall Scott has full visibility into realtime crisis events or activated plans from a geolocation perspective he can drill into facilities where recovery plans have been activated as well as the details Behind these plans he can send out emergency communications this could be a targeted notification to engage the cross functional team in the event of a crisis via conference call or SMS text to make a go or no-o decision on activating recovery plans alternatively this could be a more broad communication organization wide leveraging our emergency Outreach capability can also view Bia recovery plans and Facilities from a business continuity perspective Dan will provide more detail on this in just a couple of minutes Scott can see the health of critical business services within the organization by clicking on global system status he also has visibility into security incidents that may put the organization at the risk of a breach now let's rewind time back to March Scott Hall can receive alerts that are coming in from live and actionable RSS feeds from various sources on the portal alerting him that the pandemic is becoming more and more of a worldwide threat he can start to look at the numbers of pandemic cases being reported worldwide based on our covid-19 Global Health Data set he's alerted at the top of the portal that there are two facilities that are reporting a spike in HR pandemic cases both the Salt Lake City and Tokyo locations he needs to make a go or no-o decision on activating the global pandemic recovery plan but he can't do this in a silo he needs to engage the crisis management team he can do this in just a couple of mouse clicks by opening up the virtual agent the virtual agent will assist him in generating a new crisis event he will be asked to summarize the event in a couple of words and he's going to say Global pandemic he will be asked what type of event this is an actual event meaning we are at the onset of a crisis scenario or an exercise where we are simply testing our recovery plans we will select actual he will now be brought in context into the brand new recovery event that was created by way of the virtual agent with that said I will now hand this over to complete the rest of this demonstration once the crisis event has been created Scott needs to make a decision as to which plan plans need to be activated as you can see we've activated six plans within this recovery event service now has created a point in time copy of each of the recovery plans and also made point in time copies of all the event tasks or the recovery tasks that are uh instantiated within each activated plan Scott has the ability to tie out directly from the recovery event to any impacted CIS this would be anything in the service now cmdb asset business processes business units and anything that is from an infrastructure perspective Scott can also tie out directly to service now's integrated risk management functionality to tie the crisis event to a risk event this allows Scott to track the monetary impact of the event on the organization Scott can also tie out directly to security incidents so since covid started there's been a 667 per increase in the number of malware incidents as a result of fishing this is certainly a factor that Scott's going to want to take into consideration during the uh recovery and response efforts in the crisis Scott can also tie out directly to it incidents this is the traditional it service management functionality in service now Scott can also tie out to our vendor risk management functionality in service now irm to understand any risks and the level of risk for any supply chain vendors that his organization relies on and then lastly vulnerability groups this is actually teams that are working on patching vulnerabilities on systems that could be exploited during the event within the scope of the event tasks Scott has the ability to tie directly to control procedures using the control monitoring functionality and service now if the task is completed that satisfies the control and that is measured automatically in real time Scott can also tie that emergency self-report task directly to emergency self-report applications this is some of the emergency response applications that service now offers on the service now store same thing with workplace safety tying out directly to controls and tying out to workplace recovery tasks furthermore employee health screening this is where uh Scott's or organization is sending out notifications to all the employees to determine whether or not they're healthy or not tying out directly to change requests in this case we have a change request in IT service management that has been created to patch systems that currently have vulnerabilities on them testing remote access capacity on systems that are providing VPN capacity for uh remote workers and then lastly pulling in customer service management cases where customers are poten potentially reporting that their pii data has been breached all of this ties back directly to a specific Global pandemic risk dashboard that shows you which pandemic risks are in a high category where you have facilities that have been impacted by the pandemic high-risk vendors that you saw earlier on the crisis event and then last but not least and probably most important whether or not from a compliance persp perspective each of your different business continuity specific Frameworks and the controls that are tied to them are being satisfied in real time as each task is completed within the crisis event record in service now this is a big differentiator for service now tying everything together in one platform and giving you as the business continuity team and the leadership team one place to go to understand what's going on and being able to report that information up the chain of command that's the service now difference that's the service now platform