Aflac capitalises on technology GRC revamp

Digital Manager 360 streamlines complexity for improved efficacy

image

The Digital Manager 360 solution helped streamline our security processes through the use of workflow and automation, effectively elevating our technology GRC program through operational efficiencies, network integration and real-time visibility.

Anthony Raciti

MANAGER, TECHNOLOGY GRC, AFLAC

AT A GLANCE

When Aflac's global security team set out to revamp their technology governance, risk and compliance (GRC) processes, they embraced the opportunity to create an even stronger program through automation. Aflac needed greater visibility into technology GRC activities, as well as a single platform to improve document management and act as a central source of the truth accessible to all stakeholders. Digital Manager 360 was selected and implemented to improve transparency and accountability. It helped the Aflac global security team save on time and resources for a more intelligent approach to risk management. 


CUSTOMER BACKGROUND 

Fortune 500 company Aflac, recognized globally by their popular Duck ad campaign, provides financial protection to more than 50 million people throughout the U.S. and Japan. For 62 years, Aflac's voluntary insurance plans have provided policy holders with peace of mind so they can focus on recovery, not financial stress, often paying eligible claims in just a day through its trailblazing One Day PaySM initiative. 

Aflac has been recognized in Ethisphere's World's Most Ethical Companies list for 11 consecutive years. “You don't just appear on Ethisphere's list,” said Aflac Chairman and CEO Dan Amos, “you have to earn it, and ethics starts with good governance, a strong compliance program, and an overall desire to do the right thing for your customers and shareholders.”


CHALLENGE

Aflac's global security team relied on manual processes for technology GRC. Emails, spreadsheets, and network drives served as primary communication and file storage tools. While sufficient initially, these tools would not scale to support a more comprehensive global security management system for a broader and more efficient technology GRC program.

As Aflac began to strengthen its information security program, it identified critical pain points. The global security team wanted, first and foremost, to improve the accountability for stakeholders in the processes. They also wanted better visibility into past and ongoing technology GRC activities. Finally, a dispersed geography of stakeholders from North America to Asia required a combination of phone calls, emails, and meetings in order to remediate risk findings. This resulted in wasted resources and, more importantly, time - which was needed to focus on reducing risk. 

Aflac, convinced of the need for improved efficiency, identified automation as both a solution and an opportunity to amplify and expand its technology GRC efforts.


SOLUTION

During the summer of 2014, the Aflac global security team began to evaluate GRC solutions. Anthony Raciti stated, “Due to its reputation and positioning in the Gartner Magic Quadrant, SAI Global's Digital Manager 360 made the short list of prospective solution providers.” 

Aflac used the software in a way that 'no other company had thought of.' Aflac's global security team, working alongside the Digital Manager 360 team was able to adapt the platform and meet specific business requirements to continuously improve IT GRC and manage risk intelligently. 

Aflac launched its technology GRC program with Information Security (IS) Vendor Risk Management - using the Standard Information Gathering Agreement (SIG), IS Policy and Standard Exception, Approval Management, and Audit Issue Management. Aflac also had some critical requirements to their particular operating environment including:

  • Integrations - direct connection to third-party products such as Splunk®
  • Compliance Surveys - such as Healthcare Information Portability & Accountability Act (HIPAA), National Institute of Standards and Technology (NIST), PCI Data Security Standards (DSS), and others
  • Security and Technology Risk Management - including but not limited to technology and security operational controls assessments.

In January 2016, Aflac added the GRC Intelligence module, recognized by Michael Rasmussen of GRC 20/20 for its innovative contribution to GRC. With GRC Intelligence, Aflac's technology GRC team could contextualize large volumes of data and collaborate with other risk functions within the business. 


RESULTS

Shortly after implementation, Digital Manager 360 provided immediate return on investment. According to Anthony Raciti, Aflac's Technology GRC Manager, “[Digital Manager 360] helped streamline several of Aflac's security processes through the use of workflow and automation.” By reducing reliance on spreadsheets and emails to manage their remediation efforts, the Aflac technology GRC team improved accountability, visibility, and efficiency.

Aflac's impressive global security processes have been well-defined and codified. The strong foundation they already had in place gave them the ability to capitalize on the benefits of Digital Manager 360, including its Workflow and Digital Audit Trail. According to Raciti, “[Digital Manager 360] is attractive to us because it affords us the efficiencies over the manual processes we used to perform.”

As global security and GRC continue to mature, Aflac's global security team appreciates having a central repository for technology GRC documents and activities accessible to stakeholders, regardless of location and time differences. The team can do more with fewer people and resources. The team now also has the ability to collaborate with other parts of the business to identify and mitigate redundant risks through information-sharing.

Using Digital Manager 360, Aflac's technology GRC team reports key metrics, including: 

  • Number of security issues 
  • State of outstanding security issues 
  • Risk rating associated with each security events
  • Policy and standard exceptions and approvals.

WHY SAI GLOBAL

SAI Global's Digital Manager 360 is known by information security professionals and industry thought leaders as a cost effective and efficient path to IT GRC automation.

In lieu of the traditional vendor relationship, Aflac partnered with SAI Global to manage their IT GRC initiatives. When faced with the challenge of adapting Digital Manager 360 to conform to Aflac's unique processes, SAI Global worked hand-in-hand to find a solution that would support Aflac's current and long term goals.

Aflac was also confident in the software's ability to demonstrate immediate and long-term return on investment due to its out-of-the-box features as well as flexible functionality. Aflac deemed the Digital Manager 360 implementation team as diligent, experienced and hardworking.

For more information on Digital Manager 360 click here, or to learn more about our other risk and compliance solutions here.