How Iceberg APS helped bring a hospital’s GRC program back to health
Iceberg recently worked with a large California-based healthcare facility to make critical configuration updates to their GRC solution and to mentor their internal IT resources, ultimately driving greater user adoption and value.
The organization first implemented a GRC solution in 2013 to handle application risk as- sessments, but they have had difficulty retaining certified resources to support the solution. That hampered their ability to adapt their GRC solution to meet the changing requirements of their organization, and the tool is not being used to its full potential.
The initial goal was to build back user confidence in the GRC solution. The organization wanted to fix some critical configuration issues that were a barrier to full adoption, and train a junior IT resource to become the technical owner of the solution going forward.
The hospital enrolled in the Iceberg APS program, which allows customers to leverage Ice- berg’s resources to augment and support their internal resources. In this case, the hospital chose a dedicated support option, providing named resources from our pool of skilled and experienced GRC developers and consultants. Iceberg’s team worked remotely to help pri- oritize and solve critical issues that were causing user confidence issues.
Over a three-month period, Ice- berg supported the hospital’s internal IT team to help fix 17 critical tickets. In the process, we mentored and trained a junior resource to build up her confi- dence and develop her skills in using the platform.
With the critical configuration issues resolved, the organization saw an immediate up-take in us- age of the GRC solution. The organization now uses their solution to manage approximately 1,000 application risk assessments concurrently at any given time.
The GRC solution has been configured with more effective reports and real-time dashboards, meaning that executives now have greater confidence that they have an accurate and meaningful view into the security risk of all applications in their environment.
Through Iceberg’s APS program, the hospital has been able to continue to grow their internal team and develop more re- sources to support a sustainable GRC program.
The initial Iceberg APS engagement was extended, and since then we have helped to expand the GRC program to imple- ment additional use cases including Business Continuity, Physical Security, SecOps and Internal Audit.
On an ongoing basis, the organization continues to access Iceberg’s GRC developers and senior GRC consultants to help advise, plan, and develop their program as the organization continues to evolve through acquisitions and expansion of their services and operations, including a significant corpo- rate merger in 2017.
“The level of service has been excellent. We have weekly calls. They’re very responsive, very knowledgeable, very professional. I’m completely comfortable and confident that if we have any situations or incidents with our GRC platform that Iceberg can quickly address any critical issues that we may have with our system… I know that we can be successful because I have Iceberg with me.”
–GRC Program Owner