Soneva, a luxury resort group with properties in the Maldives and Thailand, was facing a challenge in ensuring that its employees, referred to as hosts, felt safe and secure. The company had open lines of communication between hosts and management, but there were instances when female hosts were hesitant to use these direct lines to report sensitive issues or discuss concerns. The company wanted to ensure that hosts would always feel comfortable to approach the company to discuss any issue, so they decided to look for a way to enhance the existing lines of communication by providing a safe way for hosts to make a report directly to the senior leadership team.

Sanford Health, the largest rural nonprofit health care system, was facing a significant challenge in setting and managing policies across its 43 hospitals and nearly 250 clinics. Each of Sanford’s major hospitals was using a separate system for writing, updating and distributing policies. Over time, this became an increasingly disorganized approach. The smaller clinics in the Sanford system had to rely on paper copies or locally stored electronic versions of policies that were scattered, hard to track down and sometimes outdated. It was impossible to audit the policies and ensure employees were aware of the latest guidelines. When it came time for Sanford leadership to revise policies or draft new ones, documents would be mailed from one person’s desk to another, with multiple versions getting mixed up—a frustrating arrangement that was almost impossible to track.

The E.W. Scripps Company, a diverse media concern with interests in newspaper publishing, broadcast television stations, and licensing and syndication, was facing challenges in encouraging employees to report ethical issues in the workplace. The company had a company-run hotline for issue reporting and managed the cases with a spreadsheet and paper file system. However, this approach posed challenges that Scripps decided to solve by outsourcing. The company wanted to gain a more consolidated view of what was happening in the company.

Ocwen Financial Corporation, a large mortgage company in America, was facing a demanding regulatory environment. The regulatory expectations in the financial services industry had risen dramatically, and the company was held to a high bar. They faced regulatory demands that required a new, more robust governance process for the company’s policies. They needed a solution that would meet the demands of regulators as well as deliver significant business value. The company realized that their current tools would not be sufficient to satisfy their business needs. They needed a program built for policy management so they could manage all of their company’s policies and procedures consistently and efficiently.

Alliance Data, a leading provider of marketing, loyalty, and credit solutions, was facing challenges with its employee reporting system. The company, which manages over 100 million consumer relationships for some of the world's leading brands, was using a pen and paper system to manage employee reports. With 20,000 associates across the company, this system proved to be inefficient and made it hard to manage employee reports effectively. In addition, keeping track of the historical context behind the data was a challenge. The company needed a more efficient and effective way to manage employee reports and track data over time.

Kamehameha Schools, one of the world's largest charitable organizations, faced a significant challenge in ensuring the safety of its students. With a large number of staff and students, the school needed a system to promptly discover and address any issues of misconduct or potential misconduct. The school's CEO, Jack Wong, emphasized the importance of providing safe and healthy learning environments for students to flourish. To foster safety and transparency, Kamehameha decided to expand its compliance helpline to make it easy for all members of the school community, including students, parents, and staff, to report concerning behavior.

Eggleston, a non-profit organization providing opportunities to people with disabilities, was facing challenges with its hotline reporting system. The system was cumbersome and outdated, relying heavily on paper processes. This made it difficult to effectively ensure the safety and security of their employees and the individuals they assist. Additionally, the organization wanted to maintain its exemplary accreditation via the Commission on Accreditation of Rehabilitation Facilities (CARF). The accreditation provides independent validation of their operations and offers assurance of Eggleston’s reliability as a partner to prospective clients, customers, investors, and regulatory bodies.

The medical device manufacturer was struggling with a lack of insight into IT risks, siloed information, and inefficient audit preparation. The company’s IT security team was not equipped to manage risks and comply with audits. Essential information was difficult to track down, often stored in emails or individual spreadsheets. The company managed web application assessments, penetration tests and vulnerabilities as separate efforts. Reporting was manual and cumbersome, so risks were rarely visible to leadership. Audits were labor-intensive tasks that required collecting data from different departments and it took weeks of preparation before external auditors arrived. The medical device manufacturer needed a unified way to collect information, report on potential risks and streamline the audit process.

Guthrie, a non-profit, multi-specialty integrated health system serving Pennsylvania and New York states, needed a way to effectively collect, assess, and act on feedback from its stakeholders. The organization wanted to ensure it was providing an environment where stakeholders, both internal and external, felt comfortable expressing their concerns. The challenge was to maintain the legacy of the organization in the pursuit of patient care while also ensuring that stakeholders felt heard and that their feedback was being acted upon.

Texas Roadhouse, a restaurant chain headquartered in Louisville, Kentucky, was in need of an upgrade for its in-house hotline system. The company had always stressed the value of a fun work experience for employees, but that experience was sometimes affected by behavior that went against the company’s values - including issues of ethics, discrimination or other negative behaviors. In order to identify and prevent those issues from happening, the company provided an employee hotline and kept track of cases using hand-written notes. However, this system was not ideal and the company had outgrown it. They decided to find a vendor that was best-in-class for their industry.

The Milford Police Department (MPD) was struggling with an outdated policy and procedure management system that relied heavily on paper folders. This made it difficult for officers to locate documents and determine if they were current. The system was not in line with state accreditation standards, which required a more efficient and organized method of managing policies and procedures. The department needed a solution that would allow them to easily access, track, and archive their policy documents.

San Juan Regional Medical Center (SJRMC) was struggling with a slow and inefficient policy management process. Policies were taking up to six months to a year to pass through various levels of document owners, reviewers, approvers, and committees before becoming official. The hospital lacked a centralized system for managing policies across its seven healthcare facilities located outside of the main hospital. Additionally, many of their policies existed in a solely typewritten format, and their document management system for electronic policies did not provide reminders to update documents or possess the capability for a structured review and approval cycle.

The major health insurer was struggling to comply with HIPAA data security requirements and other regulations due to inefficient manual processes for vendor risk management. The company had previously adopted a GRC platform, but it proved to be overly rigid and required technical expertise to configure, leading the risk management team to revert to manual processes. The company needed a more advanced GRC platform that could streamline vendor risk assessments, comply with healthcare regulations, require little or no IT assistance, and achieve high user adoption.

Samaritan Health Services (SHS), a regional network of Oregon hospitals, physicians, and senior care facilities, was facing a challenge in maintaining compliance with all governmental mandates. The organization had a small compliance department, headed by Corporate Compliance Officer Colleen Fair, which was responsible for ensuring compliance for all 5,000 SHS employees. The department was using a toll-free hotline through a third-party service for anonymous employee reporting. However, this service had limitations as it lacked web-based reporting functionality and a case management system that would allow compliance staff to add data from conversations that did not come to her attention through the hotline.

Fulton Financial, a mid-sized bank, wanted to take a more proactive approach to risk. The company needed a system that would increase employee confidence, provide insight into trends indicating risk issues, and facilitate inter-departmental collaboration to address concerns. Fulton initially used an internal system to meet federal requirements and identify fraud exposure. However, this system did not inspire confidence among employees, had limited functionality, and was difficult to staff. The company sought a more efficient solution.

Jefferson County Public Schools (JCPS) is a large school system with over 100,000 students and 155 schools. With a budget of $1 billion, the school system is committed to safeguarding every taxpayer dollar. However, with over 18,000 employees, there is always a risk of financial misconduct or fraud. The school system needed an effective means for employees to report any concerns they may observe regarding misconduct, financial fraud or other issues. They were looking for a hotline and integrated case management system that would be flexible, high quality and easy to work with.

Island Hospital’s accreditation process requires them to keep detailed records on hospital procedures – including violations and remediation. After receiving the emails, department managers and safety officers would exchange dozens of emails discussing how to address the violation. “We would accumulate 40 to 60 emails per issue. We were burying critical information – and sometimes staff wouldn’t take action because there were no clear next steps.” said Sheikh. “It was a very chaotic and disorganized process.”

Highland Rivers Health, a large behavioral healthcare provider in Georgia, was struggling with an outdated, paper-based policy management system. The organization, which operates 36 facilities and employs nearly 700 people, had to rely on individual employees at various locations to maintain policies and procedures. The process of converting paper policies to PDFs and uploading them to the intranet was time-consuming and inefficient, often resulting in policies being outdated by the time they were made available online. The organization also had to maintain a team to monitor version tracking, which required about 15 people to travel once a month to review and revise all policies. This was not only a drain on resources but also a major challenge when it came to searching for and providing evidence for accreditation.

Primetals, a company with more than 40 company offices, engineering, workshop and service centers in close to 20 countries, faces a variety of potential business risks. In emerging markets, some employees encounter different cultural practices that can open up supply chain risks such as bribery, corruption and kickbacks. Because of these risks, Primetals saw the need to gather input from employees to adhere to their values of transparency and compliance. While the company encourages employees to report potential issues through their open door policy, Primetals also understood that employees needed to have more options — including an anonymous hotline and case management system.

OpenMarket, a global leader in mobile messaging, was facing a challenge in meeting the growing security requirements imposed by contracts, laws, and standards. The company had 254 compliance mandates related to various laws, regulations, rules, and standards, along with 173 customer contracts with over 9700 contractual obligations. The company's existing model of compliance performed by service teams relying on user-based tools like spreadsheets was not sufficient to meet these requirements. Global brands had begun asking for security requirements that OpenMarket couldn’t meet with current processes. As such, the company needed a more streamlined, yet comprehensive approach to compliance in order to do business with global enterprises.

The telecom company was given a mandate by its board to create a broad-reaching governance, risk and compliance (GRC) program managing everything from audit and compliance to third-party risk and business continuity. The company faced a number of challenges, including a staffing shortage, customer demands, a dynamic regulatory environment and the off-the-grid nature of Alaska. They relied on spreadsheets, email and tribal knowledge for a patchwork compliance program, and lacked a comprehensive view of real risk areas. The Board requested the new GRC program to be up and running in 18 months.

Carnegie Robotics, founded in 2010, initially focused on research and development with a small portion of the company’s resources devoted to manufacturing. However, with a rapidly growing manufacturing business and contracts with the government, the company found it increasingly difficult to manage their ever-growing collection of policies and assembly instructions through email and spreadsheets. The company needed a robust policy management system that could accommodate its growth and the need to mature its business processes.

Community Health Alliance (CHA), a Nevada-based health center, was struggling with manual processes for policy management. The organization needed a robust policy management system to streamline policy distribution and identify potential risks. The existing manual clearance process was inefficient, with policies sitting on desks for months or getting lost. The lack of a robust system was posing a risk to the organization's compliance and overall performance.

Fulton Financial Corporation, a part of the highly-regulated banking industry, had been using an internal system to meet federal requirements and identify potential risks early. However, this system did not instill confidence among employees, had limited functionality, and was difficult to staff. The company wanted to take a more proactive approach to risk, especially in the current economy where financial organizations are under increased pressure. They needed a new reporting system that would boost employee confidence and help mitigate risk.

Bernhard Schulte Ship Management (BSM) faced the challenge of managing a diverse, non-permanent workforce that changes with contract timelines. This was particularly difficult on operating ships where resources, consistent online access and dedicated HR and whistleblowing management personnel are limited. The company needed a way to govern how these different backgrounds interacted and worked with each other, allowing people to voice concerns, raise safety issues and report misconduct easily. Additionally, regional requirements, including varied language support and contact information, had to be managed effectively.

University Health (UH) had hundreds of policies and procedures that needed to be distributed and attested to across the organization. Prior to implementing PolicyTech, UH was faced with managing hundreds of policies and procedures and tracking various documents without a centralized system to support their needed order of operations. UH is required to have standardized policies and procedures in place for the staff to follow, and continuous control over that process must start at the beginning.

The software company, based in Portland, Oregon, was facing a growing challenge in tracking and responding to risks posed by customer data collection. As the company grew, it faced increasing regulatory requirements from new industries such as healthcare and finance, geographic data privacy laws, and various requirements for third-party vendor relationships. The company's existing risk management processes, which relied heavily on spreadsheets, emails, shared drives, local drives, and even print-outs, were proving inadequate. The company had no central repository for risk management data, and the information security manager was struggling to manually find and track all this information. The company needed a more efficient and effective way to manage risk, track audit requests, align their responses to regulatory requirements, demonstrate compliance, and protect customer data.

After being spun off from another company, Vista Outdoor needed to establish its own compliance program. Wanting to keep the functionality and compliance capability from the previous organization, Vista Outdoor looked for ways to start the new organizational venture on the right foot with robust compliance tools in place. The company wanted to have a better understanding and control in regards to what their third-party partners may be doing, or how they’re representing themselves – and Vista Outdoor. They wanted to ensure that their partners are not acting nefariously, jeopardizing the company with potential corruption or bribery activity.

Rubio’s Restaurants, a company with over 3,250 employees, was facing a challenge in understanding the risks that the company faced. The director of internal audit, Dennis Kreta, wanted to improve the way employees communicate their concerns to management. The company needed a compliance system that would keep employees safe and happy. Kreta knew that he needed greater insight into any possible risk issues the restaurant faced – from employment concerns to possible financial misconduct.

El Pollo Loco, a leading quick-service restaurant chain specializing in flame-grilled chicken, was facing a challenge in maintaining a good relationship with its employees. The company was using a basic employee hotline service and a relatively disorganized case management system. With only spreadsheets and scattered notes, it was impossible to see any trends emerging in the data. The process was clearly inadequate for El Pollo Loco’s needs. The company wanted to generate employee communication and reduce legal risk by listening to feedback and acknowledging concerns. However, the existing system was not efficient in providing a systematic approach to documenting case assignments and streamlining workflow.