Close GRC gaps and increase risk visibility



A leading defense contractor faced significant GRC challenges due to gaps in process and capability. They were able to deliver solutions from collecting, processing and understanding sensor data, but lacked an automated system to help them scale coverage and report on results. They were using a manual process that was simply unable to provide leaders with a true picture of risk and vulnerability. They needed a clear, reliable solution to identify issues and accountability.

Their GRC strategy lacked connection with the required policies and controls they were mandated to meet as a government contractor, such as NIST 800-171.  



Brilliant IG provided an intelligent, cloud-based solution that executives could depend on for a transparent, in-depth picture of their risk exposure. It helped standardize the client’s GRC process and align with security requirements, using a flexible platform that could be customized to meet their unique needs for function and data scaling.  

The following features were leveraged to achieve their goals. 

  • Intuitive compliance – automated connection to ensure compliance with NIST 800-171 requirements. 

  • Risk alert – advanced risk tracking for executive evaluation.

  • UFC framing – leading control framework to support the uptake and synchronization of policies and procedures and to inform risk monitoring activities. 

  • Vulnerability control – increased risk visibility for a faster internal response to threats. 

Results

Brilliant IG was a cutting-edge solution to elevate the client’s GRC process from a limited, manually driven model to an advanced and automated data-driven system. They’re now able to quickly identify vulnerabilities, assess risk, remove redundancies and satisfy strict regulatory requirements.

Having a central, dependable framework to provide tracking and actionable data for each step of the GRC process successfully provided the visibility and accountability executives were looking for.


Advancing risk and vendor assessments for Healthcare


A large healthcare provider faced significant challenges with their assessment process. They were relying on email, surveys and Excel spreadsheets to collect and aggregate data from hundreds of assessments each year. Their ability to obtain a comprehensive picture of the vendor landscape was limited, and when risks were identified, follow-up was lengthy and time-consuming.

They needed an enterprise solution to manage data, identify risks within the vendor environment and support future changes and growth.  


Brilliant IG provided an automated solution with various control-based options and advanced intel to help the client distribute, collect and analyze large amounts of data more quickly and efficiently. The platform featured a customizable database that allowed specific tiers and executives to be easily included in the assessment process. 


The client was able to increase their yearly assessments by over 300 per cent and significantly decrease the amount of time and manual labour required.

Both low-risk and high-risk assessments are now identified automatically, and status reports are auto-generated for distribution to stakeholders.


Data control and incident response


A large healthcare organization was struggling to integrate people, policies and procedures into a process that could deliver comprehensive results. They needed a solution to manage risk assessments, meet compliance requirements, automate their current process, and help them effectively scale large amounts of data so they could respond faster.


With Brilliant IG’s advanced security operations, the client was able to:

  • Easily identify and manage risk

  • Monitor security incidents through auto-reporting and respond quickly

  • Control sensitive information to maintain compliance, including:

      • HIPAA Security

      • NIST 800-53

The client now had a reliable process for managing workflow deliverables, connecting with external platforms, integrating data and generating quantifiable results. 


The client’s internal security team was able to access real-time data about threats that included control, solution and risk scenarios so they could respond faster. 

  • Risk was identified and measured with greater depth and visibility.

  • Security incidents were controlled and automatically analyzed.

  • Risk scenarios were connected to incident response solutions.

  • Communication was standardized across all processes.

The client cited the importance of defining the process parameters before initiating programming. Workflow proved to be a significant factor in achieving optimum timing and response. Additionally, creating a solid test environment with viable scenarios was key to determining architecture and necessary adjustments.