GF Forsikring Tackles GDPR Compliance with iServer
"For me, iServer has become a part of my mindset in my daily work as an IT architect. It is a part of my tool belt, presenting us with opportunities to solve problems in new and better ways. The work we did around the robotic process automation initiative is an example of where iServer shines."
Thomas Pedersen
IT Architect at GF Forsikring
Industry
Insurance
Region
Europe
No. of Users
5
Products Used
EA, Portal
When the General Data Protection Regulation (GDPR) was published in May 2016 it gave companies that process personally identifiable information of EU residents two years to achieve compliance or face massive fines. As an insurance provider, GF Forsikring deals with its customers’ sensitive data on a regular basis, including identity and health conditions. This put them especially at risk, which is why they immediately started to look for a means to bring the company’s policies in line with the GDPR.
After several months of research, documentation and strategy development, they came up with a plan. The initial phase of this consisted of documenting all the organization’s data flows in order to identify the purpose and risk level of sensitive data. This amounted to a considerable task, especially since the organization lacked a library documenting their process landscape and data flows, or a documentation standard. Because the initiative was slow to advance, the team started looking for a dedicated architecture management suite.
"We didn’t have good documentation on our data flows prior to this project, so we wanted a repository-based tool to map all these data flows."
Thomas Pedersen - IT Architect at GF Forsikring
When they set out to bring a tool in, the architecture team decided on a few key requirements, namely a central repository for storing content, great usability, and information sharing capabilities. After analyzing a number of vendors, Orbus Software’s iServer was declared the clear choice. iServer granted the team access to all the crucial capabilities they sought. Its central repository had great governance and collaboration features, and acted as a single source of truth for all the GDPR deliverables they would generate. In addition, because the platform leverages and enhances Microsoft technologies (SQL Server, Visio, Office productivity suite) they would have a very gentle learning curve and require minimum training. The team at GF Forsikring were already using Visio for modeling, and so extending the capabilities of the application with iServer’s functionality simply made sense.
"There were diagrams scattered all over the place before iServer."
Finally, thanks to iServer’s range of communication modules, which allowed for the socialization of information company-wide (beyond technical roles), the architects were convinced they had the best option in iServer. Installation and deployment were straightforward. An Orbus consultant ensured a smooth transition and the architecture team quickly adopted the tool. This was also helped by the useful Proof of Concept stage they had enjoyed as part of the pre-sales process that had clarified questions and concerns.
Explore GDPR Solutions
Due to its flexibility and strong cross-domain capabilities, iServer has become integral for the company.
After fulfilling its initial purpose of facilitating the creation of a data flow library, it continues to play an important role in ensuring GF Forsikring can operate while complying with the GDPR.
When the Regulation comes into force, the architecture team plan on leveraging its information sharing capabilities to supply the regulators with deliverables that prove their compliance. Furthermore, it has enabled the architects to distribute knowledge internally and ensure they optimize processes that were inefficient. Lastly, iServer has created a more engaged environment, whereby stakeholders from across the enterprise are brought into the process and encouraged to contribute via iServer Portal.
Discover iServerThe platform made an immediate impact in the architecture practice. The architecture team successfully created an enterprise-wide repository for their practice, something that had been missing before. Together with the main iServer client, GF Forsikring also purchased the ArchiMate Accelerator, which allowed them to model the data flows with great ease and register significant progress. This empowered them to finalize the initial stage of their GDPR initiative – obtaining a reliable picture of their data landscape.
The unexpected benefit of their work meant architects could identify areas of possible improvement. Leveraging the platform’s analysis engine they highlighted previously unknown duplication in the application landscape, which has since then been corrected. So not only did their mapping of the data flows contribute towards ensuring their compliance, but it also afforded them insights that helped the organization eliminate costs.
"Support is great. I always get swift answers, so definitely a good experience in that regard."
Importantly, the legal department were granted access to the data flow descriptions in the repository via iServer Portal, a bolt-on communication module. This supports the company’s GDPR program by enabling staff in other relevant departments to leverage architectural content. Legal staff can make assessments of the progress being done towards ticking all the required regulatory boxes, record notes directly on models, or involve other stakeholders via iServer’s workflow engine. Another positive outcome of introducing iServer surfaced after the initial mapping project concluded and the team had become more experienced with the tool. The success they had with building, managing and socializing the content around their internal and external data flows encouraged the architects to employ iServer for all project documentation going forward.
An instance where the solution proved very useful was when the company started a robotic process automation project. iServer was successfully used to assess current governance processes, since the RPA initiative necessitated clarity over which business processes to automate and also over the consequences of technology upgrades. Robotics automation is often highly sensitive to changes in the application screens, for example. To avoid costly disruptions to the environment and ensure the right investments were made, the architects conducted impact analyses that highlighted the consequences of planned actions to underlying systems.
Book a Demo