Case Study
How Acuity International Reduced Their GRC Workload by 70% with Hyperproof
Frameworks
ISO 27000
//
SOC 2®
//
FISMA Moderate
//
FedRAMP Moderate
//
CMMC 2.0
Acuity International works closely with federal, state, and local governments around the world to build safe, secure, healthy, and thriving communities. They are a single source for healthcare, humanitarian, disaster and emergency response, and security operations in all corners of the world.
Product Used: Risk Module, Compliance Module, Vendor Risk Module
Industry: Occupational Health for Government Entities
Location: Reston, Virginia, US
1000+
controls managed
60%
reduction in manual processes
80%
decrease in hours spent on evidence collection
90%+
visibility into compliance posture
Hyperproof is not just the best GRC platform I’ve used — it’s also the most intuitive, flexible, and supportive. The personal touch from their team makes all the difference.
Brandon Anthony Tarazi II
Information Systems Security Manager // Acuity International
The Challenge
Thousands of hours spent manually managing controls in spreadsheets
Acuity International delivers occupational health services and critical support to government and commercial clients. With a lean team responsible for maintaining multiple compliance frameworks, their GRC operations faced mounting complexity and inefficiency. Before Hyperproof, Acuity International spent about 4,000 hours a year managing governance packages and preparing for audits. Most of this time was consumed by manual evidence collection, document versioning, and coordinating across spreadsheets and SharePoint folders. These Excel-based processes made it difficult to track over a thousand controls effectively.
Lack of scalability and visibility across compliance activities
Acuity International managed thousands of controls across five frameworks — FedRAMP Moderate, FISMA Moderate, SOC 2® Type II, CMMC 2.0, and ISO 27000 — and needed to streamline operations to scale compliance across their different systems and teams. Their existing tools lacked the flexibility to accommodate cross-framework management, distinguish between systems, and provide real-time insights into compliance and risk posture. The team needed a flexible platform that allowed them to separate data by system and reuse evidence across frameworks to reduce duplicative work.
Demonstrating risk and compliance posture internally and externally to relevant stakeholders
As compliance increasingly became a driver of business opportunity, particularly for winning government contracts, Acuity International needed a solution that could give both internal stakeholders and external partners confidence in their GRC programs. Acuity International’s leadership increasingly viewed compliance as a business enabler, which required trustworthy dashboards, metrics, and reports that were hard to produce and manage. Most importantly, Acuity International needed to gain insight into real-time compliance gaps to earn leadership buy-in and confidently engage new markets.
The Solution
With Hyperproof, we spend about one-third of the time that we used to on prior work, such as managing our governance packages and performing our audits.
Brandon Anthony Tarazi II
Information Systems Security Manager // Acuity International
Thousands of hours saved with automated evidence collection
With Hyperproof, Acuity International no longer has to rely on spreadsheets and manual SharePoint workflows to manage GRC. Now, they have a centralized platform. Using Hypersyncs — data connectors that automate evidence collection across a wide range of applications — Acuity International can streamline evidence collection and ensure that their controls are continuously up to date. Hypersyncs have saved Acuity International hundreds of hours of time. Previously, it took 30 hours to create a System Security Plan (SSP), and now, this process only takes three hours. Hyperproof also automates notifications and evidence expiration reminders for relevant stakeholders so nothing slips through the cracks, and control owners are always aware of the work that needs to be done.
It used to take me 300 hours to prepare for an audit, but I’ve cut that time down by over 70%. I don’t need to spend hours chasing down evidence anymore!
Brandon Anthony Tarazi II
Information Systems Security Manager //
Acuity International
Granular and scalable control management with Scopes
Hyperproof’s Scopes feature provides the flexibility Acuity International needs to manage controls at scale. Scopes enables them to segment entities like programs, systems, and customer artifacts at both the framework and control levels to view their statuses and see what work needs to be done. With Scopes, Acuity International can identify differences across controls as they map to different products and remediate them quickly. They can view the status of all controls, identify which ones are unhealthy, and determine which entity has issues. They can also see and review evidence of control operations provided by the entity-level operators, ensuring transparency and accountability throughout the compliance management process.
Going above and beyond: managing POA&Ms with the risk register
Acuity International has made extensive use of Hyperproof’s risk register, going beyond standard functionality. Using custom fields, Acuity International uses the risk module to manage POA&Ms (Plans of Actions and Milestones) — a critical requirement in government compliance. This eliminated the need for insecure Excel files and streamlined internal collaboration. Risk owners can now access and update records directly in Hyperproof, while leadership receives real-time insights into which risks are open, mitigated, or overdue. Acuity International has further elevated risk management by connecting control health with the risk register. If an expired or missing piece of evidence has caused a control to fall out of compliance, the associated risk is immediately visible. This integration allowed the team to prioritize remediation efforts based on risk severity, a major step toward more proactive, strategic risk management.
Unlocking new markets faster by mapping controls across frameworks with Jumpstart
Crosswalks and Jumpstart functionality also played a key role in aligning frameworks quickly. With Hyperproof, Acuity International can map over 80 controls across frameworks, avoiding redundant work and speeding up the process to onboard new frameworks. With evidence traceability across controls and frameworks, Acuity International is now positioned to scale faster and compete for high-value government contracts. In one case, they reused 80 controls from NIST 800-53 to build their SOC 2® Type II program—saving significant time and effort. This allowed Acuity International to enter new markets without slowing down operations.
Robust dashboards that build leadership trust
Hyperproof helped shift compliance from a back-office task to a strategic growth function for Acuity International, transforming how they communicate with leadership and customers. The platform’s dashboards and reporting make it easy to show compliance health, risks, and real-time priorities. Hyperproof’s control health metrics power dashboards that give over 90% visibility into Acuity International’s compliance posture — data that drives internal decisions and supports external audits. These insights help secure leadership buy-in, drive revenue, and demonstrate maturity to prospective clients.
Ready to take command of your compliance and risk operations?
To see the Hyperproof platform in action, schedule a demo with our team today.
