How Strada Education Network Sped Up Evidence Collection by 60% with Hyperproof

The Challenge

In 2023, Strada Education Network will need to increase SOC 2 Type 2 coverage to two additional parts of their business. They also wanted to audit the organization’s current controls against the CIS Critical Security Controls to identify security gaps and improve controls. Lastly, as the organization’s security and compliance needs have grown, Strada’s IT Security team realized that using Google Sheets to manage their security compliance program wasn’t a scalable solution. It was time to find a more robust software platform that could support the organization’s IT risk management and compliance efforts at scale.

Alex Scoble, Head of IT Security and Matt Raskin, Cloud Engineer co-led the effort to evaluate potential solutions. They identified four key capabilities as a must-have:

1. Ease-of-use

The Security team wanted software that would be easy-to-use for managing risks, compliance requirements, controls, evidence (or compliance artifacts), and audits. Scoble and Raskin felt that it was crucial that their colleagues outside of security and compliance feel comfortable with the tool so that they would be able to easily participate in the compliance process.

2. Google Drive Integration

Demonstrating that an organization has consistently enforced its internal security policies is an essential task companies need to pass security compliance audits. Strada Education Network wanted to continue to manage their company policies in Google Drive folders instead of manually uploading new policy documents into their GRC software or using a policy management module within a GRC tool. They wanted their compliance software to stay in sync with Drive folders and automatically pull in the latest version of a policy or procedure from Drive whenever the policy owner updated a policy document.

3. Automation

Automation was a critical trait for Strada Education Network’s security team because it would boost their productivity level and eliminate human errors that can result in problematic audit findings. Specifically, Raskin wanted their chosen software to integrate with the tools the organization was already using so that evidence collection, task assignment, reminders, and notifications could be automated as much as possible. They use Google Cloud, JumpCloud, ADP, Github and Salesforce and a number of other systems.

4. Risk and Compliance Management

Strada wanted to find a single tool that can support both risk and compliance management in one place. It is important for users of the risk register to be able to link their risks to controls so that actual risks can be accurately identified in real-time.

Results

1. Intuitive UI Helps Strada Education Network Foster a Culture of Security and Compliance

Thanks to Hyperproof’s intuitive UI, it’s been easy for Raskin and Scoble to onboard other teams to work with them in Hyperproof. Each person’s responsibilities are well documented in Hyperproof and users can understand what the compliance team is asking them to do. Members outside the compliance team have gained a new appreciation for the value of security and compliance. With built-in dashboards, Raskin and Scoble are able to get new insights into their compliance posture, including real-time statuses of what’s been done vs. what’s outstanding, which has made it easier for them to hold people accountable for completing tasks that support the audits.

2. Strada Can Maintain Its Current Policy Management Process in Google Drive

In addition to Hyperproof, Scoble evaluated a number of other GRC tools and found that they didn’t allow his team to work the way they preferred. For instance, his team preferred to continue to use Drive to manage their company policies, but some GRC products pushed them to migrate their policy management process into their products — a workflow disruption the team wanted to avoid. On the other hand, Hyperproof enables his team to continue to work how they like. It is also easy to use, integrates with multiple tools in the organization’s tech stack and delivers the efficiency gains the team needs from a GRC software.

3. Evidence Collection Processes Are 50-60% Faster

Hyperproof now serves as Strada Education Network’s central repository for controls and compliance artifacts. Raskin and Scoble have set up Hypersyncs – data connectors that automatically extract compliance artifacts (e.g. configuration reports) — from the systems Strada uses to eliminate the need to take screenshots from different systems or book meetings with stakeholders to request evidence. As a result, Raskin saves hours of time so they can focus on the more important parts of the compliance process. As Raskin continues to add more of their datasets into Hyperproof, he anticipates he will save even more time on evidence collection in the future: close to 70-80%.