Case Study
Hyperproof Customer Uses the Platform to Manage Security Assurance Programs at Scale
Frameworks: ISO 27001/27017/27018 // CSA STAR Level 1 & 2 // CITC // SOC 2 Type 1 & 2
This Hyperproof customer is a B2B customer engagement platform that helps organizations to delight customers with remarkable omnichannel experiences. By unifying communication channels, messaging apps, and chatbots, they streamline conversations at every touch point throughout the customer journey.
This Hyperproof customer has users across several countries in the Middle East. They saw an incredible expansion in their customer base in the last year. The company’s employee base doubled in the past year to support their growth.
Quick Facts: Computer Software // Multiple Countries in the Middle East
The Challenge
As their business expanded, organizational leaders knew that it would be important to quickly establish and mature security operations and compliance functions. Their users leverage APIs to support many types of communications (SMS, voice, messaging apps) and need assurance that the API products are secure. To demonstrate their commitment to security, they set an ambitious goal to achieve five new data security standards/certifications in the next 12 months.
The Engineering Manager of Digital Enablement at this company is responsible for developing and implementing digital transformation and cyber security plans to improve business growth, cost-effectiveness, and service quality. Given their areas of expertise, this individual was put in charge of the company’s infosec compliance projects. To manage the volume of the anticipated work in compliance, they decided to find a software platform that could help them organize, improve, and automate the compliance work that needed to be done.
“Last year, we achieved our ISO 27001 certification. We did the work manually and used a mix of tools including spreadsheets, email, JIRA and Google Drive. It was challenging to keep track of everything and to find information when I needed it. Communicating with control owners and with the auditor took a lot of time. To get better at compliance and handle the high volume of work, we needed to leverage software that can provide a central hub for information-sharing and collaboration. We needed technology that automates the work as much as possible.”
Results
Reduce time spent on responding to audit requests by 50%
This Hyperproof customer was able to save a significant amount of time on the SOC 2 Type I audit (the formal audit phase) by using Hyperproof’s Audit Module as the central hub for information exchange and communication between their team members and their external auditor.
Meet new compliance requirements in a shorter period of time
They set an ambitious goal to achieve five new data security standards/certifications within the next 12 months. Their Engineering Manager of Digital Enablement believes that by using Hyperproof to organize, streamline, and automate the work, they are setting their organization up to achieve its compliance goals sooner than originally planned.
Improved response time to customer questions
By creating an organized catalog of the company’s security controls within Hyperproof, this company could quickly find the details needed to answer specific customer questions about the company’s security posture, improving response time to questions.
Why Hyperproof
This customer evaluated a number of compliance software tools and chose Hyperproof for three key reasons:
Detailed Results
How This Customer Used Hyperproof to Streamline Information Sharing and Communications Around Their SOC 2 Audit
This customer decided to use Hyperproof as its operations hub for its SOC 2 readiness work. Workflows being managed within Hyperproof include:
By moving these workflows into Hyperproof, this customer significantly reduced the volume of back-and-forth communications that happen before and during an audit. Preparing for the SOC 2 Type I Audit was far easier than preparing for the ISO 27001 certification work last year. For the ISO 27001 audit, stakeholders primarily used email to collaborate and get work done. They had to provision the external auditor access to company tools like G-Drive and JIRA so the auditor could review evidence. They also had to play the role of intermediary and translator between the auditor and internal control owners in the company whenever the auditor asked questions.
This time around, the SOC 2 auditor was able to review everything they needed directly in Hyperproof. When the auditor needed clarification or to ask a question, they would direct their questions to the control/process owners (who also have access to Hyperproof) and were able to get answers back without the team’s involvement.
This customer estimates that by using Hyperproof to run the audit, they were able to spend 50% less time during the audit than when they ran audits without Hyperproof.
Accelerate the pace of control mapping work to become compliant in new standards faster
This customer chose Hyperproof because it allows them to streamline control maintenance while satisfying multiple compliance framework requirements. In Hyperproof, they can easily reference the requirements of all compliance frameworks the organization needs to satisfy and map existing controls to program requirements in bulk. Control owners can note additional details on each control. For example, they can call out that it satisfies multiple requirements.
“To differentiate ourselves and demonstrate our commitment to security, we’re planning to achieve several new assurance standards/certifications by the end of 2021 — including SOC 2 Type I and Type II, ISO 27017, ISO 27018, CIPC, CSA STAR Level 1 and Level 2. To address our compliance needs, we need a tool that helps us crosswalk our controls and gain visibility into their effectiveness in real-time. Hyperproof showed us they have the capabilities to support us on this journey and get the job done well,” says this customer.
Improve response time to customer questions
This customer’s users often have questions about the company’s security posture. Answering customers’ questions takes up a sizable chunk of time because it’s not always straightforward to find the correct information. Now that the company’s security controls and details about how those controls function reside in Hyperproof, they can answer specific security questions from customers more easily and get the right answers back to customers much faster than before.
“Because all of our controls and the details about how those controls function are stored in Hyperproof, I can easily retrieve information I need to answer customers’ questions,” says this customer. “Our organization is able to be responsive to our customers and demonstrate that we are working towards becoming first-in-class from a security standpoint.”
Take a risk-based approach to security
While their immediate focus is on getting their SOC 2 Type 2 report, the security team wants to take a risk-based approach towards managing its controls going forward. For instance, they are planning to import their risks, which are currently documented in spreadsheets, into a central Risk Register in Hyperproof and link those risks to controls/risk mitigation activities in Hyperproof. This allows the organization to monitor how risks are changing in real time based on the status of risk mitigation activities. They also have plans to use Hyperproof to test their controls on an ongoing basis.
Conclusion
With Hyperproof, the customer was able to create a single source of truth for compliance and automate routine, repetitive work, streamlining workflows and reducing work for teams across the organization.