thanks for joining this tech byte on reducing risk during a pandemic i'm chrissy druzinski i go by drew i'm an enterprise solution consultant for servicenow focusing on our security and risk solutions and i'm dan minter i'm a senior advisory solution architect in the risk practice at servicenow many organizations were not prepared for the onset of kovid 19. as a result most have been struggling to reduce their enterprise level risks related to the pandemic whether it is cyber risk where organizations need to mitigate the risk of a breach in a time where coveted related phishing attacks are on the rise hr risk where hr teams need to mitigate onboarding health safety and facility risk compliance risk where compliance teams need to mitigate regulatory risks from u.s or international regulations or infrastructure risk where organizations need to mitigate the risk of business continuity related disruptions servicenow provides a single platform that can truly manage risk across the organization we do this by providing real-time visibility into organizational risk posture through the use of continuous risk monitoring one of our many differentiators today we will walk through a live demonstration of reducing infrastructure risk during a pandemic leveraging the breadth and the depth of servicenow's vast portfolio we will start with the crisis management portal this portal is a one-stop shop for the crisis management team that can help them make quick decisions it brings together and consolidates data that is normally managed in either a multitude of siloed applications or in word documents or spreadsheets this portal is specifically focused on a pandemic use case but keep in mind the servicenow platform is entirely flexible and this could be tailored to accommodate any crisis scenario we are logged into the portal as the crisis manager scott hall scott has full visibility into real-time crisis events or activated plans from a geolocation perspective he can drill into facilities where recovery plans have been activated as well as the details behind these plans he can send out emergency communications this could be a targeted notification to engage the cross-functional team in the event of a crisis via conference call or sms texts to make a go or no go decision on activating recovery plans alternatively this could be a more broad communication organization wide leveraging our emergency outreach capability scott can also view bia's recovery plans and facilities from a business continuity perspective dan will provide more detail on this in just a couple of minutes scott can see the health of critical business services within the organization by clicking on global system status he also has visibility into security incidents that may put the organization at the risk of a breach now let's rewind time back to march scott hall can receive alerts that are coming in from live and actionable rss feeds from various sources on the portal alerting him that the pandemic is becoming more and more of a worldwide threat he can start to look at the numbers of pandemic cases being reported worldwide based on our covid19 global health data set he is alerted at the top of the portal that there are two facilities that are reporting a spike in hr pandemic cases both the salt lake city and tokyo locations he needs to make a go or no-go decision on activating the global pandemic recovery plan but he can't do this in a silo he needs to engage the crisis management team he can do this in just a couple of mouse clicks by opening up the virtual agent [Music] the virtual agent will assist him in generating a new crisis event he will be asked to summarize the event in a couple of words and he's going to say global pandemic he will be asked what type of event this is an actual event meaning we are at the onset of a crisis scenario or an exercise where we are simply testing our recovery plans we will select actual he will now be brought in context into the brand new recovery event that was created by way of the virtual agent with that said i will now hand this over to dan minter who will complete the rest of this demonstration once the crisis event has been created scott needs to make a decision as to which plans need to be activated as you can see we've activated six plans within this recovery event servicenow has created a point-in-time copy of each of the recovery plans and also made point-in-time copies of all the event tasks or the recovery tasks that are instantiated within each activated plan scott has the ability to tie out directly from the recovery event to any impacted cis this would be anything in the servicenow cmdb assets business processes business units and anything that is from an infrastructure perspective scott can also tie out directly to servicenow's integrated risk management functionality to tie the crisis event to a risk event this allows scott to track the monetary impact of the event on the organization scott can also tie out directly to security incidents so since covid started there's been a 667 percent increase in the number of malware incidents as a result of fishing this is certainly a factor that scott's going to want to take into consideration during the recovery and response efforts in the crisis scott can also tie out directly to i.t incidents this is the traditional it service management functionality in servicenow scott can also tie out to our vendor risk management functionality and servicenow irm to understand any risks and the level of risk for any supply chain vendors that his organization relies on and then lastly vulnerability groups this is actually teams that are working on patching vulnerabilities on systems that could be exploited during the event within the scope of the event tasks scott has the ability to tie directly to control procedures using the control monitoring functionality in servicenow if the task is completed that satisfies the control and that is measured automatically in real time scott can also tie that emergency self-report task directly to emergency self-report applications this is some of the emergency response applications that servicenow offers on the servicenow store same thing with workplace safety tying out directly to controls and tying out to workplace recovery tasks furthermore employee health screening this is where scott's organization is sending out notifications to all the employees to determine whether or not they're healthy or not tying out directly to change requests in this case we have a change request in it service management that has been created to patch systems that currently have vulnerabilities on them testing remote access capacity on systems that are providing vpn capacity for uh remote workers and then lastly pulling in customer service management cases where customers are potentially reporting that their pii data has been breached all of this ties back directly to a specific global pandemic risk dashboard that shows you which pandemic risks are in a high category where you have facilities that have been impacted by the pandemic high risk vendors that you saw earlier on the crisis event and then last but not least and probably most important whether or not from a compliance perspective each of your different business continuity specific frameworks and the controls that are tied to them are being satisfied in real time as each task is completed within the crisis event record in servicenow this is a big differentiator for servicenow tying everything together in one platform and giving you as the business continuity team and the leadership team one place to go to understand what's going on and being able to report that information up the chain of command that's the servicenow difference that's the servicenow platform