NAVEX Case Studies Major Social Game Developer Embraces Integrated Risk Management and New Risk Culture

Edit This Case Study Record

	Major Social Game Developer Embraces Integrated Risk Management and New Risk Culture NAVEX

Major Social Game Developer Embraces Integrated Risk Management and New Risk Culture

NAVEX

Technology Category	Application Infrastructure & Middleware - API Integration & Management
Applicable Industries	Software
Applicable Functions	Business Operation
Use Cases	Cybersecurity Regulatory Compliance Monitoring
Services	System Integration
Challenge	The social game developer was facing challenges in managing cyber risk, compliance, and audits due to inadequate processes. They were using spreadsheets, word-processing, email, and an Intranet site for governance, risk management, and compliance. As a result, the company couldn’t see vulnerabilities and the risks posed by them. Asset inventory audits took months to reconcile. Onboarding new vendors took four weeks. Even convincing employees to acknowledge company policies, like acceptable use, was a Herculean effort. The company needed a senior analyst to lead its nascent program, as well as invest in a technology platform that could streamline cyber risk, compliance, and audit management activities while supporting game development. Read More
About Customer	The customer is a high-profile social game developer that creates popular mobile games enjoyed by millions. The company was growing fast and leveling up, but it was not a skilled player at managing risk and complying with regulations. They were still using spreadsheets, word-processing, email, and an Intranet site for governance, risk management, and compliance. As a result, the company couldn’t see vulnerabilities and the risks posed by them. Asset inventory audits took months to reconcile. Onboarding new vendors took four weeks. Even convincing employees to acknowledge company policies, like acceptable use, was a Herculean effort. Read More
Solution	The social game developer selected NAVEX’s GRC platform, IRM to create a new IT and cyber risk program. The goals of the program were to get a bird’s-eye view of vulnerabilities, risks, audits, and policies, address employee challenges, like version control, understand and control the vendor lifecycle, make audits faster and less painful, and help employees understand their responsibilities as risk stakeholders. NAVEX IRM’s integrated risk management capabilities address eight business use cases: Compliance and policy management, Vendor risk management, IT risk management, Continuous monitoring, Business continuity management, Operational risk management, Audit management, Health and safety management. Read More Log in to view content
Contents

Technology Category

Application Infrastructure & Middleware - API Integration & Management

Applicable Industries

Software

Applicable Functions

Business Operation

Use Cases

Cybersecurity

Regulatory Compliance Monitoring

Services

System Integration

Challenge

The social game developer was facing challenges in managing cyber risk, compliance, and audits due to inadequate processes. They were using spreadsheets, word-processing, email, and an Intranet site for governance, risk management, and compliance. As a result, the company couldn’t see vulnerabilities and the risks posed by them. Asset inventory audits took months to reconcile. Onboarding new vendors took four weeks. Even convincing employees to acknowledge company policies, like acceptable use, was a Herculean effort. The company needed a senior analyst to lead its nascent program, as well as invest in a technology platform that could streamline cyber risk, compliance, and audit management activities while supporting game development.

About Customer

The customer is a high-profile social game developer that creates popular mobile games enjoyed by millions. The company was growing fast and leveling up, but it was not a skilled player at managing risk and complying with regulations. They were still using spreadsheets, word-processing, email, and an Intranet site for governance, risk management, and compliance. As a result, the company couldn’t see vulnerabilities and the risks posed by them. Asset inventory audits took months to reconcile. Onboarding new vendors took four weeks. Even convincing employees to acknowledge company policies, like acceptable use, was a Herculean effort.

Solution

The social game developer selected NAVEX’s GRC platform, IRM to create a new IT and cyber risk program. The goals of the program were to get a bird’s-eye view of vulnerabilities, risks, audits, and policies, address employee challenges, like version control, understand and control the vendor lifecycle, make audits faster and less painful, and help employees understand their responsibilities as risk stakeholders. NAVEX IRM’s integrated risk management capabilities address eight business use cases: Compliance and policy management, Vendor risk management, IT risk management, Continuous monitoring, Business continuity management, Operational risk management, Audit management, Health and safety management.

Impact #1	Automation: Shortened project timelines from two months to 48-72 hours by automatically importing and correlating vulnerabilities.
Impact #2	Single source of truth: Employees have access to only current policies and procedures.
Impact #3	Efficiency gains: Assessing new vendors went from two months to 2-3 days. The company launched a fast-track approval process for ongoing vendors.

Impact #1

Automation: Shortened project timelines from two months to 48-72 hours by automatically importing and correlating vulnerabilities.

Impact #2

Single source of truth: Employees have access to only current policies and procedures.

Impact #3

Efficiency gains: Assessing new vendors went from two months to 2-3 days. The company launched a fast-track approval process for ongoing vendors.

Benefit #1	Shortened project timelines from two months to 48-72 hours.
Benefit #2	Assessing new vendors went from two months to 2-3 days.
Benefit #3	Audits that once took months to conduct now take, on average, 4 days.

Benefit #1

Shortened project timelines from two months to 48-72 hours.

Benefit #2

Assessing new vendors went from two months to 2-3 days.

Benefit #3

Audits that once took months to conduct now take, on average, 4 days.

Download PDF Version

Overview

Major Social Game Developer Embraces Integrated Risk Management and New Risk Culture

Operational Impact

Quantitative Benefit