York Risk Services Group creates a robust, standardized IT security framework

York Risk Services Group helps get people and organizations back to health, work, and productivity
York Risk Services Group (York) is a leading provider of claims management and risk management services for the insurance industry. The company is the third-largest third-party administrator (TPA) in the United States, with more than 80 locations. As a TPA, York manages claims on behalf of its clients—adding value by driving down the severity, duration, and cost of claims in diverse sectors including property, liability, environment, transportation, and construction.

Acquisition-led growth creates IT security challenges
York has grown rapidly through acquisition. This resulted in a diverse, geographically dispersed IT environment, with each acquisition bringing its own tools to the table.

According to Tina Price, AVP of IT Security and Governance at York Risk Services Group, “Our explosive growth created significant IT challenges, particularly with IT security. As a heavily regulated business, security is one of our top priorities, but we didn’t have standardized, consolidated security tools and processes. While our security was effective, managing it was incredibly difficult.”

Manual processes and disconnected systems increase potential risk for York
York responded by implementing a consistent incident response framework—based on NIST guidelines and best practices—across its business. But there remained a major issue—it still relied on manual processes.

Tina explains, “We had state-of-the-art tools, including IDS systems, endpoint protection, vulnerability scanners, SIEM tools, and more. However, we had no easy way to bring all of that information together when working on a security incident. For example, we documented security incidents in Word—so we couldn’t easily track progress to ensure we were eradicating incidents quickly and effectively.”

ServiceNow delivers visibility and control
According to Tina, “What we wanted was a security operations solution that drove our security processes and integrated data from our existing security tools."

Tina continues: "Because the core of the ServiceNow®  Security Incident Response application is built on the NIST framework, we could automate our existing manual processes, giving us the end-to-end visibility and control we needed to reduce risk.”

York goes live with ServiceNow in just six weeks
With the help of CareWorks Tech, a ServiceNow Silver partner, York launched ServiceNow Security Operations in just six weeks. This initial phase included automating security incident response workflows, creating a security service catalog, and integrating with York’s Tanium endpoint management system.

“By leveraging CareWorks Tech’s expertise and engaging with our internal security, helpdesk, and infrastructure stakeholders, we went live successfully in a very short time,” Tina recalls.

Now, ServiceNow automates York’s complete security incident response process, managing and tracking security incidents throughout the entire lifecycle. “With ServiceNow, we can see exactly what’s happening with each security incident—where it’s at and who’s working on it,” says Tina. “We’ve now got SLAs to manage our response times, and ServiceNow lets us know if things go off track.”

ServiceNow accelerates security incident response
ServiceNow hasn’t just automated incident response—it’s accelerated it. Tina explains, “We’ve seen our response times go down now that our security incidents are assigned automatically—with no bouncing around from team to team. When our security team needs IT to remediate an issue, they simply fire off a catalog item, rather than spending time working their way through the helpdesk. That’s why it’s important to have security and IT teams working together on a single platform.”

York simplifies audits and creates customer trust
As well as strengthening York’s security incident response capabilities, ServiceNow has also simplified auditing and helped build customer confidence. “Now, we have a full audit trail for each security incident, along with reporting that shows our overall stance,” Tina says. “That makes it much easier to show our internal and external auditors that we’re complying with stringent regulatory requirements, such as HIPAA and New York State’s Cybersecurity Regulation.”

ServiceNow provides a comprehensive security operations solution
York is already expanding its ServiceNow Security Operations solution. For example, it is in the process of launching vulnerability management, including integrating with a Tenable Nessus vulnerability scanner, sending remediation requests to the right owners and tracking through final resolution. York also plans to extend ServiceNow integration to other security systems.

Summing up the value of ServiceNow Security Operations, Tina concludes, “Most security teams have multiple tools that deliver critical value. However, unless you can consolidate the data from all of your security tools and drive repeatable, reliable security response processes around it, there’s a huge gap. That’s what ServiceNow does for us, helping to ensure that we have the mature security stance our clients deserve.”

Download PDF