GDPR. WHO WE ARE Founded in 2016 with the vision to be THE company that organisations turn to for data privacy and governance solutions globally.

1 GDPR ACCELERATOR

2 WHO WE ARE

Founded in 2016 with the vision to be THE company that organisations turn to for data privacy and governance solutions globally.

OUR MISSION

To bridge the gap between data privacy, governance, regulation and corporate day to day activities enabling compliance through action driven products and solutions by leveraging the power of the ServiceNow platform.

- Exceptional experience, delivering GRC and SecOps solutions across verticals and geography
- Certified by ServiceNow in Vulnerability Management
- Deep Domain knowledge and understanding
- ServiceNow GRC Platform Specialists

GDPR ACCELERATOR

The Wrangu GDPR Accelerator provides current and potential ServiceNow clients with a number of ready to deploy applications to rapidly advance its GDPR program. The package contains modules to support key articles of the GDPR regulation including Data Protection Impact Assessments, Subject Access Requests, Record of Processing Activities and Data Breach reporting. These Wrangu GDPR applications bring most value when combined with the strength of ServiceNow's Policy and Compliance, Risk Management and Security Operations modules. Wrangu's depth of experience in governance, risk, and compliance means their internal professional services capability is unrivalled should you need support with your implementation. Wrangu Software is offered in a packaged edition available via the ServiceNow App Store.

Copyright

Unless otherwise indicated, Wrangu copyrights all materials on these pages. All rights reserved. No part of these pages, either text or image may be used for any purpose other than its original intent. Reproduction, modification, storage in a retrieval system or retransmission, in any form or by any means, electronic, mechanical or otherwise, for reasons other than its original intent, is strictly prohibited without prior written permission.

3 GDPR ACCELERATOR CONTENT

PORTAL

A ServiceNow portal providing user engagement to support Subject Access Requests as well as act as an entrance point for employees engaged in assessments and impact assessment screening. The portal provides access to a GDPR knowledgebase and can be (optionally) configured per individual customer requirements, styles and content desires. Wrangu Professional Services can also be engaged separately to perform more complex customization and configuration. The GDPR portal integrates seamlessly with your existing ServiceNow portal if required.

DATA BREACH REGISTER MODULE
Articles 33, 34

Provides the core functionality required to show compliance to article 33. Key components of this module are:

- Supports a standard process to support the Analysis, Containment, Recovery and Review of potential or real data breach events.
- Tracks the various data elements required in the reporting of data breaches to supervisory authorities
- Seamless integration with ServiceNow Security Incident Response module

SUBJECT ACCESS REQUEST (SAR) MODULE
Articles 6, 7, 8, 9, 13, 14, 15, 16, 17, 18, 19, 20, 21

Comprised of a front-end exposed via the portal, and a standard ServiceNow backend interface, the SAR module provides the ability for subjects to make Subject Access Requests and manages the response process. The module is shipped with workflows to access requests:

- Request access to data
- Request data rectification
- Right to be forgotten/data erasure
- Request for data transfer
- Provide consent
- Withdraw consent
- Objection to processing

The workflows provided drive high-level tasks to guide the SAR through a process of validation, data collection and response. Native ServiceNow functionality is used to provide features such as Service Levels.

INFORMATION LAYERS

The classification of the CMDB (Asset) data to identify Configuration Items (CIs) that process or store PII data. Key components of this module are:

- The ability to map low level CIs holding GDPR relevant data to customer or employee facing services gives the ability to ensure the correct assets are targeted with the correct control tests.
- The information layering capability provided in this solution forms the basis for automation in the area of data collation in preparation for responding to a Subject Access Request
- In cases of Security Operations if an organization becomes aware of an attack on its assets by an adversary and the CIs (or their relations) are relevant to GDPR containment/eradication they can be correctly prioritised.

DATA PROTECTION IMPACT ASSESSMENT (DPIA) MODULE
Articles 35, 25

Provides ability to perform an initial DPIA screening questionnaire and then, if required, drive a full assessment for new projects or existing assets. Key components of the module include:

- Can be configured to support multiple data subject types
- Intelligent dynamic logic ensures the appropriate DPIA workflow is used
- Guided workflows through the stages including screening, information flow and risk assessment.
- Configurable approvals levels throughout the lifecycle of an assessment
- Seamless integration with ServiceNow GRC and PPM modules

ADMINISTRATION MODULE

Administrative configuration elements and data properties influence data presented to the user in the core modules SAR, DPIA, Record of Processing Activities, and Data Breach Register. Key administration modules are:

- Information Categories and Layers
- Legitimate Processing Interests
- Data Subject Categories
- Information Transfer Methods

RECORD OF PROCESSING ACTIVITIES MODULE
Article 30

Article 30 of the GDPR requires the documentation of processing activities. This module provides the necessary structure and relationships to enable this. Key components of this module are:

- Records within this module document the appropriate contact details of various data controller personnel as well as the Data Protection Officer
- The purpose for processing can be configured based on the customer's needs via the administration module
- Provides the ability to relate a record of processing directly to services or configuration items within the ServiceNow CMDB using the information layers capability
- Contains the many distinct pieces of information required to satisfy the GDPR Record of Processing Activities requirement
- Seamless integration with ServiceNow GRC module
- Provides option to generate a ROPA from a completed DPIA record

GDPR AUTHORITY DOCUMENT CONTENT

Contains the freely available articles and citations transformed onto the ServiceNow platform with additional content from Wrangu GDPR Subject Matter Experts.

TEMPLATE INDICATORS AND ATTESTATIONS

Wrangu provides an initial set of Indicator templates enabling automated control testing within the ServiceNow GRC module.

SEAMLESS INTEGRATION WITH SERVICENOW MODULES

- Project and Portfolio Management (PPM)
- Governance, Risk and Compliance (GRC)
- Security Operations (SecOps)
- Vendor Risk Management (VRM)
- Incident Management
- Change Management
- CMDB

4 PROFESSIONAL SERVICES

Wrangu follow the ServiceNow Implementation Methodology (SIM) to deliver the Wrangu GDPR Accelerator. This approach enforces an agile way of working which includes regular feedback from the customer at key stages during the engagement. The engagement begins with an initial kickoff call between customer and Wrangu to align expectations and confirm various elements. A workshop will be set up to review customer requirements and document them in line with best practices. Certified ServiceNow implementation specialists will configure the application in accordance with the workshop outcomes and support the customer as they transition to an operational state.

WRANGU LICENSE

- Annual Subscription
- IP indemnification
- Warranty & Liability

SOFTWARE FEATURES

- Dynamic SLA management including notifications
- Customisable workflows in all modules
- Automatically create ROPA from a full DPIA assessment
- Customisable Data Protection Impact Assessment questionnaire
- Consumerised interface through Portal
- Information layers (CMDB extension) to map PII data
- 360 degree view of PII data within CMDB
- Visualisation of PII data within CMDB
- ServiceNow GRC indicator templates for GDPR module
- Two-factor Authentication (via ServiceNow plugin)
- Application and module access control implemented using ServiceNow tried and tested platform security (roles, ACLs etc.)

GDPR SOFTWARE FUNCTIONALITY

- Integrates seamlessly with ServiceNow GRC, CMDB and Security Operations modules
- Provides a portal that can be accessed to initiate requests with back-end fulfilment application supporting your duty to handle Subject Access Requests
- Provides detailed support for the Data Protection Impact Assessment via a custom application supporting DPIA screening and full assessments for projects and systems
- Provides ability to satisfy requirements to document the Record of Processing Activities, providing transparency with regards to the data you process, the reason for processing, and the services (and their components) that touch this data
- Gives the capability to relate Services (business services, service offerings etc.) and their underlying components to information layers and PII data types.
- Fully configurable either via properties, administration module or using out of the box ServiceNow components such as workflows, service level agreements, notifications and so on.

Customer Support & Maintenance
Optional Professional Services

5 CONTACT US UK Tel +44 (0) NL Tel +31 (0) CONTA UK +44 (0)20 3 NL +31 (0)20 Em hello@wra