How a telecom company elevated integrated risk management and security

Managing risk and compliance in telecommunications is no easy feat. When a telecom company operates in underserved remote and rural communities—including hurricane-prone island markets and mountainous regions in the southwestern US—it can be even trickier. That’s where communications services company ATN International, based in Massachusetts, found itself.

The company wanted a platform to elevate its integrated risk management (IRM) programme. More specifically, ATN wanted to:

• Extend its existing investments in IT Operations Management and IT Service Management

• Scale IT compliance, audit, and security functions across all its subsidiaries

• Find an easy-to-use solution

ServiceNow IRM products checked all three boxes. Partnering with Edgile, a Wipro company and ServiceNow Elite partner, ATN completed the initial implementation of ServiceNow IRM and Security Operations infrastructure on the Now Platform in about 16 weeks.

Gathering requirements and setting expectations

The first step focused on reporting capabilities. Edgile led several requirements-gathering sessions with key stakeholders, including ATN’s compliance and audit teams, to identify what reports would ensure the programme’s success. This process included getting everyone up to speed on the vast IRM lexicon so they could all speak the same language throughout the journey.

The requirements set the stage for a single risk register location in the system to identify and manage risks across categories and domains. This helped the organisation understand the targeted end state.

Following requirements signoff, work began on the configuration, with periodic points designated to check progress.

Nitin Chopra, vice president of information technology at ATN, notes there’s a lot to the Now Platform and recommends not pushing too fast with an IRM implementation. He also emphasises this type of implementation requires ongoing training. The ATN team used screenshots of the final build to create training materials for end users and programme managers.

“It’s an ongoing journey. It’s not a one and done,” he says.“Although the team retained most of what it learned, we engaged Edgile about three months after our initial implementation for refresher training for the core team, which proved useful to fill in some gaps.”

As ATN continues to expand into hypergrowth markets such as Guyana and the Cayman Islands and to register its presence with acquisitions such as Alaska Communications, the company plans to add more applications to its IRM system:

• ServiceNow Vendor Risk Management to continuously assess its new and existing vendors

• Robotic process automation (RPA) to apply to issues and remediate tasks

• Access Review from ServiceNow Premier partner Clear Skye to augment access certification and improve compliance efforts

Assessing value

One way to determine return on investment (ROI) for a technology implementation is time to value. Getting up and running on both ServiceNow IRM and Security Operations in 16 weeks is an important accomplishment.

However, Chopra says his approach to ROI for an IRM project is more about improving the posture of the compliance programme and accelerating risk-informed decisions.

For security operations, the focus is on avoiding operational outages or breaches due to unremediated vulnerabilities and maintaining the confidence of employees and customers.

ATN accomplished both—improved compliance and fewer outages and breaches—while helping people and communities connect with the world and prosper.

Find out more about how ServiceNow IRM can help your organisation improve compliance and risk.

© 2022 ServiceNow, Inc. All rights reserved. ServiceNow, the ServiceNow logo, Now and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries. Other company names, product names and logos may be trademarks of the respective companies with which they are associated.