How Strada Education Network Sped Up Evidence Collection by 60% with Hyperproof
Strada Education Network
- SOC 2 Type 2
- CIS Critical Security Controls
- Compliance Operations Module
- Risk Management Module
Strada Education Network is a national social impact organization dedicated to improving lives by forging clearer and more purposeful pathways between education and employment. The organization’s approach combines innovative research, thought leadership, strategic philanthropy, mission-aligned investments, and a network of affiliate organizations. Together, it works to better serve millions of individuals in the United States seeking to complete postsecondary education and training, gain clear value from those experiences, and build meaningful careers.
In 2023, Strada Education Network will need to increase SOC 2 Type 2 coverage to two additional parts of their business. They also wanted to audit the organization’s current controls against the CIS Critical Security Controls to identify security gaps and improve controls. Lastly, as the organization’s security and compliance needs have grown, Strada’s IT Security team realized that using Google Sheets to manage their security compliance program wasn’t a scalable solution. It was time to find a more robust software platform that could support the organization’s IT risk management and compliance efforts at scale.
Alex Scoble, Head of IT Security, and Matt Raskin, Cloud Engineer, co-led the effort to evaluate potential solutions. They identified four key capabilities as must-haves:
The Security team wanted software that would be easy to use for managing risks, compliance requirements, controls, evidence (or compliance artifacts), and audits. Scoble and Raskin felt it was crucial that their colleagues outside of security and compliance feel comfortable with the tool so that they could easily participate in the compliance process.
2. Google Drive Integration
Demonstrating that an organization has consistently enforced its internal security policies is essential for companies that need to pass security compliance audits. Strada Education Network wanted to continue to manage their company policies in Google Drive folders instead of manually uploading new policy documents into their GRC software or using a policy management module within a GRC tool. They wanted their compliance software to stay in sync with Drive folders and automatically pull in the latest version of a policy or procedure from Drive whenever the policy owner updated a policy document.
Automation was critical for Strada Education Network’s security team because it would boost their productivity and eliminate human errors that can result in problematic audit findings. Specifically, Raskin wanted their chosen software to integrate with the tools the organization was already using so that evidence collection, task assignment, reminders, and notifications could be automated as much as possible. They use Google Cloud, JumpCloud, ADP, GitHub, Salesforce, and a number of other systems.
4. Risk and Compliance Management
Strada wanted to find a single tool that can support both risk and compliance management in one place. It is important for users of the risk register to be able to link their risks to controls so that actual risks can be accurately identified in real-time.
50-60% in time savings collecting evidence
31 Hypersyncs set up
Fully Implemented in 6 Weeks
1. Intuitive UI Helps Strada Education Network Foster a Culture of Security and Compliance
Thanks to Hyperproof’s intuitive UI, it’s been easy for Raskin and Scoble to onboard other teams to work with them in Hyperproof. Each person’s responsibilities are well documented in Hyperproof and users can understand what the compliance team is asking them to do. Members outside the compliance team have gained a new appreciation for the value of security and compliance. With built-in dashboards, Raskin and Scoble are able to get new insights into their compliance posture, including real-time statuses of what’s been done vs. what’s outstanding, which has made it easier for them to hold people accountable for completing tasks that support the audits.
2. Strada Can Maintain Its Current Policy Management Process in Google Drive
In addition to Hyperproof, Scoble evaluated a number of other GRC tools and found that they didn’t allow his team to work the way they preferred. For instance, his team preferred to continue to use Drive to manage their company policies, but some GRC products pushed them to migrate their policy management process into their products — a workflow disruption the team wanted to avoid. Hyperproof, on the other hand, enables his team to continue to work how they like. It is also easy to use, integrates with multiple tools in the organization’s tech stack, and delivers the efficiency gains the team needs from GRC software.
3. Evidence Collection Processes Are 50-60% Faster
Hyperproof now serves as Strada Education Network’s central repository for controls and compliance artifacts. Raskin and Scoble have set up Hypersyncs, data connectors that automatically extract compliance artifacts (e.g. configuration reports) from the systems Strada uses, to eliminate the need to take screenshots from different systems or book meetings with stakeholders to request evidence. As a result, Raskin saves hours of time so they can focus on the more important parts of the compliance process. As Raskin continues to add more of their datasets into Hyperproof, he anticipates he will save even more time on evidence collection in the future: close to 70-80%.
Cloud Engineer, Strada Education Network
4. They Can Conduct Security Control Assessments Efficiently
To identify the gaps within the organization’s security program and guide future security investments, Scoble is assessing the organization’s controls against the CIS Controls. CIS Controls are a prescriptive, prioritized, and simplified set of critical security controls and cybersecurity best practices developed by a community of cyber-experts that can help support compliance in a multi-framework era. Hyperproof supports the CIS Controls framework in its platform so Scoble can easily keep track of where things are in the assessment process and document the findings.
Head of IT Security, Strada Education Network