Case Study
How Hyperproof and HyperComply Help Manage Compliance and Security Questionnaires Across a 22k Employee Organization
Frameworks: CMMC // SOC 2 // NIST CSF // ISO 27001
This Hyperproof and HyperComply customer has 22,000 employees, spans 50 countries, and serves over 120,000 customers. They are one of the world’s largest distributors of electronic products, services, and computing solutions, and they leverage HyperComply and Hyperproof to properly manage their cyber risk program and achieve company-wide goals.
Quick Facts: Electronic Solutions Distributor // Global
91% automation of questions submitted to security questionnaires
Automated evidence collection saves dozens of hours of time
Ability to scale without adding additional headcount
The Challenge
Managing 200 security questionnaires per year
The Customer’s Director of IT Risk handles about 200 security questionnaires per year, and completing them was taking up the valuable time of multiple IT risk team members and resources from other lines of business. Collaboration to complete them was spread across multiple time zones, so it often took 2-3 weeks to get a security questionnaire completed.
There was zero automation and no digitization of the process, leading to gross inefficiencies.
Director of IT Risk
Like many enterprise companies, this customer hit an inflection point where they knew there had to be a more efficient way to address customer requests and service questionnaires. They turned to HyperComply and Hyperproof to find a more repeatable way to eliminate these tedious activities.
Many of our IT Risk processes directly support a global sales organization in facilitating the closure of a contract with a questionnaire or helping to instill compliance confidence with a tough, educated, and demanding customer. We need to demonstrate our value to the org every day so driving efficiency to shorten cycle times is crucial.
Director of IT Risk
Teams felt immense pressure due to the volume of questionnaires, and managing this process consumed valuable hours of time that could be spent working on more strategic business initiatives.
Like many other organizations, the customer was attempting to manage these complex processes with ad-hoc tools like Excel, SharePoint and other Microsoft products. They even purchased a 1-year subscription to another tool that didn’t meet their UX or R&D journey goals for feature enhancements.
20-30 overwhelming annual audits for multiple compliance frameworks
On top of questionnaire requests, the Director of IT Risk was completing over 20-30 major audits per year, including SOX, PCI DSS, and ISO 27001, while building a CMMC program for their aerospace and defense business units. They were also managing third-party risk, with over 40 suppliers and customers with audits their team supports directly or indirectly.
We were looking for a solution that could get our IT risk analysts off the phone with auditors and eliminate the tedious screen-sharing activities and conference call scheduling logistics just to show an auditor a piece of evidence.
Solution
Automated evidence collection
Instead of spending hours of time manually collecting evidence for audits and questionnaire responses, this customer now leverages Hyperproof’s 70+ integrations to automate evidence collection, ensuring evidence is always up-to-date and accurate. They can reuse evidence in security questionnaires and across multiple controls and frameworks to save hours of time.
Audit fatigue is a thing of the past
With Hyperproof, this customer can streamline audit preparation by centralizing their work in a single place and leveraging automation to ensure their evidence is up to date to satisfy auditor requests. Hyperproof enables them to easily collaborate with their auditors, who can work alongside the customer’s team in the platform’s dedicated audit space to share information. This dedicated audit space securely shares the data auditors need while keeping the rest of the customer’s data secure and safe.
Scaling compliance management and questionnaire completion with platforms, not added headcount
The Director of IT Risk ran an initial pilot with HyperComply to see how good the automation process was, and he was excited to see that for the very first questionnaire, HyperComply was able to auto-complete more than 91% of the questions submitted. The Director of IT Risk stated, “Other solution platforms will attempt to ‘box you in,’ with a short POC timeframe and a letter of commitment at the end. HyperComply did no such thing.” He continued:
They had our instance up and running in record time, provided some basic primers and training, and then let us run free. They let the value of the product sell itself.
Director of IT Risk
The Director of IT Risk knew that to demonstrate compliance to customers and prospects in the form of security questionnaire responses, they also needed to centralize their risk management and compliance operations processes in a platform. They decided to partner with Hyperproof to streamline their risk management, compliance operations, and audit workflows, and get information in one centralized place.
Beyond questionnaires
Beyond completion rates with HyperComply Respond, the Director of IT Risk was also excited by the future of HyperComply’s information-sharing tools and the capabilities around our vendor management product.
The HyperComply product, development and leadership team have been wonderful to deal with. I have rarely seen other SaaS platforms move this quickly.
Director of IT Risk
HyperComply has been adopted across numerous teams at multiple levels at the customer for questionnaire completion, document sharing, and vendor management. The customer has saved time completing questionnaires and has improved their collaboration both with customers and internally between sales, product, IT risk, and engineering.
VPs of Asset and Product within our company have been very impressed with the platform, some of whom have been direct beneficiaries and users of the platform to support audits and questionnaires.
Director of IT Risk
Alongside HyperComply, Hyperproof has helped the customer efficiently provide assurance to customers, regulators, and partners that they take security, privacy and compliance seriously. Maintaining the trust of customers is crucial, and Hyperproof allowed them to digitize the process and scale the solution “with a platform, not headcount which is limiting from an investment liability perspective,” according to the company’s Director of IT Risk.
The Future
Introducing the HyperComply and Hyperproof Integration
When we asked customers what they wanted to see in the future of our partnership with Hyperproof, the response was unanimous: We want to use our Hyperproof information to automatically fill in security questionnaires. So we built it.
HyperComply and Hyperproof are excited to announce that customers can now seamlessly pull controls from their Hyperproof account into HyperComply and respond to security questionnaires 18x faster with our integration.
HyperComply’s CEO and Co-Founder, Amar Chahal, said this at Hyperproof’s inaugural user and compliance conference earlier this month:
Mutual customers will be able to regularly sync their control information from their Hyperproof account and map them into security questionnaire answers automatically. This will allow Hyperproof users to respond to questionnaires more quickly and more accurately than before.
Conclusion
With Hyperproof, the customer was able to create a single source of truth for compliance and automate routine, repetitive work, streamlining workflows and reducing work for teams across the organization.
To see the Hyperproof platform in action, schedule a demo with our team today.