Case Study: University of Chicago Biological Sciences achieves automated, risk-based vulnerability management and improved visibility and accountability with adpative

How The University of Chicago Biological Sciences Division uses a GRC platform to bring automation to vulnerability management

The University of Chicago Biological Sciences faced a decentralized, open-culture IT environment—5,000 faculty and staff across 32 independently run departments and roughly 800 servers—making it difficult to inventory assets, prioritize vulnerabilities, and produce credible metrics for accountability and FISMA compliance. To address this, the division engaged adpative and implemented the Keylight GRC platform to align people, processes and technology for automated vulnerability management.

adpative configured Keylight workflows after process mapping and role definition (IT custodians, system owners, department heads), added an asset catalog with CIA scoring, and automated Priority Impact Analysis, notifications and escalations via dashboards. The solution delivered measurable results: a 77% reduction in vulnerability response time, a 100% vulnerability response rate across departments, a 98% success rate in inventory responses, and freed security staff to focus on other projects—all driven by adpative’s Keylight automation.

University of Chicago Biological Sciences

Plamen Martinov

Chief Information Security Officer