Case Study
How Strada Education Network Sped Up Evidence Collection by 60% with Hyperproof
Frameworks
SOC2
//
CIS Critical Security Controls
Strada Education Network is a national social impact organization dedicated to improving lives by forging clearer and more purposeful pathways between education and employment. The organization’s approach combines innovative research, thought leadership, strategic philanthropy, mission-aligned investments, and a network of affiliate organizations. Together, it works to better serve millions of individuals in the United States seeking to complete postsecondary education and training, gain clear value from those experiences, and build meaningful careers.
Product Used: Compliance Operations Module, Risk Management Module
Quick Facts: Nonprofit
50-60%
in time savings collecting evidence
31
31 Hypersyncs set up
6 Weeks
Fully implemented in 6 weeks
The Challenge
Strada Education Network’s IT Security team was using spreadsheets to manage compliance, and as they scaled their programs, they needed a more robust software platform that could support their IT risk management and compliance efforts. They needed to increase SOC 2 Type 2 coverage to two additional parts of their business and audit their current controls against the CIS to identify security gaps and improve controls.
Alex Scoble, Head of IT Security, and Matt Raskin, Cloud Engineer, co-led the effort to evaluate potential solutions. They identified four key capabilities as a must-have:
Ease-of-use
so that members outside of security and compliance are comfortable with the tool and able to easily manage risks, compliance requirements, controls, evidence (or compliance artifacts), and audits.
Google Drive Integration
to continue to manage their company policies in Google Drive instead of manually uploading new policy documents into GRC software or using a policy management module within a GRC tool.
Automation
to boost their productivity level, integrate with the tools they were already using (Google Cloud, JumpCloud, ADP, Github, and Salesforce), and eliminate human errors that can result in problematic audit findings.
Risk and Compliance Management
to find a single tool that can support both risk and compliance management in one place. It is important for users of the risk register to be able to link their risks to controls so that actual risks can be accurately identified in real time.
The Results
1. Intuitive UI and Ease-of-Use Help Build a Culture of Trust
Hyperproof’s intuitive UI makes it easy for Raskin and Scoble to cross-collaborate with other teams. Each person’s responsibilities are well documented, and members outside the compliance team have gained a new appreciation for and understanding of the value of security and compliance. With built-in dashboards, Strada can get new insights into their compliance posture, including real-time data on outstanding tasks for audits.
2. No Disruption to Policy Management Processes
Scoble evaluated a number of other GRC tools and found that they didn’t allow his team to work the way they preferred. For instance, his team preferred to continue to use Drive to manage their company policies, but some GRC products pushed them to migrate their policy management process into their products — a workflow disruption the team wanted to avoid. On the other hand, Hyperproof enables his team to continue to work how they like. It is also easy to use, integrates with multiple tools in the organization’s tech stack, and delivers the efficiency gains the team needs from GRC software.
3. Evidence Collection Is 60% Faster
Hyperproof now serves as Strada’s central repository for controls and compliance artifacts. Strada has set up 31 Hypersyncs, which are data connectors that automatically extract compliance artifacts from the systems Strada uses to eliminate the need to take screenshots from different systems or book meetings with stakeholders to request evidence. As a result, Raskin saves hours of time so they can focus on the more important parts of the compliance process.
Having a tool like Hyperproof is important because it is really hard to keep track of where you are in your compliance journey. Hyperproof takes the complexity away so you can focus on compliance work instead of just trying to manage the tool.
Matt Raskin
Cloud Engineer // Strada Education Network
4. More Efficient Security Control Assessments
Scoble has used Hypeproof to assess Strada’s controls against CIS Controls, which are a prescriptive, prioritized, and simplified set of critical security controls and cybersecurity best practices, and identify the gaps within their security program and guide future security investments. With Hyperproof’s support for CIS, Scoble can easily keep track of where things are in the assessment process and document the findings.
Hyperproof’s team has been extremely responsive. Things we’ve requested — we often find them released in the product a month or two after requesting them. It’s been gratifying to see our requests get into the roadmap and then implemented so quickly.
Alex Scoble
Head of IT Security // Strada Education Network
Conclusion
With Hyperproof, Strada Network was able to create a single source of truth for compliance and automated routine, repetitive work, steamlining workflows and reducing work for teams across the organization.
To see the Hyperproof platform in action, schedule a demo with our team today.
