The insurance giant elevates technology for managing governance, risk and compliance by automating workflows to improve operational efficiency and gain real-time security visibility.
At a Glance
When Aflac’s global security team set out to revamp their governance, risk and compliance (GRC) technology processes, they embraced the opportunity to create an even stronger program through automation.
Aflac needed greater visibility into GRC technology activities, as well as a single platform that would improve document management and act as a central source of the truth that is accessible to all stakeholders. SAI Global’s Digital Manager 360 was selected and implemented to improve transparency and accountability.
The investment helped the Aflac global security team save on time and resources for a more intelligent approach to risk management.
Fortune 500 company Aflac, recognized globally with its popular Aflac Duck advertising campaign, provides financial protection to more than 50 million people throughout the U.S. and Japan. For 62 years, Aflac’s voluntary insurance plans have provided policyholders with peace of mind so they can focus on recovery, not financial stress, often paying eligible claims in just a day through its trailblazing “One Day Pay” initiative.
Aflac has been recognized in Ethisphere's World's “Most Ethical Companies” list for 11 consecutive years. “You don't just appear on Ethisphere's list,” said Aflac Chairman and CEO Dan Amos, “you have to earn it, and ethics starts with good governance, a strong compliance program, and an overall desire to do the right thing for your customers and shareholders.”
Aflac's global security team had relied on manual processes for GRC technology. Emails, spreadsheets and network drives served as its primary communication and file storage tools. While sufficient initially, these tools would not scale to support a more comprehensive global security management system for a broader and more efficient GRC program.
As Aflac began to strengthen its information security program, it identified critical pain points.
- The global security team wanted, first and foremost, to improve the accountability for stakeholders in the processes.
- They also wanted better visibility into past and ongoing technology GRC activities.
- Finally, a dispersed geography of stakeholders from North America to Asia required a combination of phone calls, emails, and meetings in order to remediate risk findings. This resulted in wasted resources and, more importantly, time — which was needed to focus on reducing risk.
Aflac, convinced of the need for improved efficiency, identified automation as both a solution and an opportunity to amplify and expand its GRC efforts.
“The Digital Manager 360 solution helped streamline our security processes through the use of workflow and automation, effectively elevating our technology GRC program through operational efficiencies, network integration and real-time visibility.”
Manager, GRC Technology, Aflac
Shortly after implementation, Digital Manager 360 provided an immediate return on investment. According to Anthony Raciti, Aflac's GRC technology manager, “[Digital Manager 360] helped streamline several of Aflac's security processes through the use of workflow and automation.” By reducing reliance on spreadsheets and emails to manage their remediation efforts, the Aflac technology GRC team improved accountability, visibility, and efficiency.
Aflac's impressive global security processes have been well-defined and codified. The strong foundation they already had in place gave them the ability to capitalize on the benefits of Digital Manager 360, including its Workflow and Digital Audit Trail. According to Raciti, “[Digital Manager 360] is attractive to us because it affords us the efficiencies over the manual processes we used to perform.”
As global security and GRC continue to mature, Aflac's global security team appreciates having a central repository for technology GRC documents and activities accessible to stakeholders, regardless of location and time differences. The team can do more with fewer people and resources. The team now also has the ability to collaborate with other parts of the business to identify and mitigate redundant risks through information-sharing.
Using Digital Manager 360, Aflac's technology GRC team reports key metrics, including:
- Number of security issues
- State of outstanding security issues
- Risk rating associated with each security events
- Policy and standard exceptions and approvals.
Why SAI Global
SAI Global's SAI360 Risk Platform is known by information security professionals and industry thought leaders as a cost-effective and efficient path to IT GRC automation.
In lieu of the traditional vendor relationship, Aflac partnered with SAI Global to manage their IT GRC initiatives. When faced with the challenge of adapting Digital Manager 360 to conform to Aflac's unique processes, SAI Global worked hand-in-hand to find a solution that would support Aflac's current and long term goals.
Aflac was also confident in the software's ability to demonstrate immediate and long-term return on investment due to its out-of-the-box features as well as flexible functionality. Aflac deemed the Digital Manager 360 implementation team as diligent, experienced and hardworking.
To read the full customer success story and take a closer look at how Aflac capitalized on a technology GRC revamp, click below.