Case Study
Outreach Streamlines and Automates Security Assurance Work With Hyperproof
Frameworks
SOC2
//
ISO 27001
//
ISO 27701
//
HIPAA
//
SOX
Outreach is a market-leading sales execution platform that manages and automates customer interactions throughout the sales cycle, resulting in increased productivity and revenue lift.
Product Used: Compliance Operations Module, Risk Register Module, Vendor Risk Management Module
Quick Facts: Software Service Provider // Seattle, WA
75%
reduction in audit prep time
35%
reduction in evidence requests for other teams
2X
Able to manage 2x the amount of audits
50%
reduction in time spent on evidence collection, collaboration, and project management
The Challenge
As a fast-growing global tech company, Outreach needed to be compliant with numerous data security, data privacy, and financial frameworks like SOC 2, SOX, ISO 27001, and ISO 27701. As their compliance requirements grew, so did the amount of work for Outreach’s GRC team and control owners across the organization. Outreach’s need for a single solution that could serve as SOX, SOC 2, and ISO compliance software became critical. Josef Fukano, Director of GRC at Outreach, and Mike Caldwell, Senior Program Manager of GRC at Outreach, wanted a platform that provided a single source of truth for compliance and automated routine, repetitive work.
We were using Google Sheets to manage SOC 2 and ISO certification and we needed a platform that kept a pristine list of controls for easy review.
Josef Fukano
Director of GRC // Outreach
The Solution
No more messy spreadsheets
Outreach is able to manage SOC 2, ISO 27001, and ISO 27701 audits by managing their controls in Hyperproof, as opposed to using individual spreadsheets. “Hyperproof has made a big difference in helping us mature our compliance operations in just a few months,” says Caldwell.
With Hyperproof, we stood up 5 different programs, nearly 1,000 controls, multiple Labels, used Hyperproof to manage 1,500 pieces of evidence, and engaged with 47 users and contacts across our organization.
Mike Caldwel
Senior Program Manager of GRC // Outreach
Easy implementation
Outreach saw that Hyperproof was more intuitive and easier to implement than any other GRC tool or SOC 2 compliance software they’d evaluated. “With Hyperproof, we were able to build a central system for managing compliance operations in just a few months, all while using the tool to prepare for our upcoming audits,” says Fukano. “Hyperproof is intuitive enough to be used by employees who don’t have any experience in compliance.”
With Hyperproof, the learning curve is low; you don’t need a training session for everyone you onboard.
Mike Caldwel
Senior Program Manager of GRC // Outreach
A single source of truth for all controls
Hyperproof also met Outreach’s core needs for a GRC platform, which includes gaining a single source of truth for all controls, collaborating with process/control owners across the organization and automating repetitive tasks. “With Hyperproof, we can immediately understand our compliance posture because it provides a single source of truth more reliable than Google Sheets,” says Caldwell.
Hyperproof was useful on day one. We were able to quickly import our existing controls into the platform.
Mike Caldwel
Senior Program Manager of GRC // Outreach
Automated evidence collection
Outreach uses Hyperproof to conduct internal audits in preparation for formal external audits. They upload evidence for each control into Hyperproof using Labels to keep track of evidence specific to the internal audit.
Powerful integrations
Outreach set up key integrations with third-party tools like Jira to streamline collecting evidence for control testing and internal audits. Hyperproof’s integration with Jira helps the firm quickly communicate with its Engineering team to document risk treatment plans for the company’s top risks. Once Hyperproof is connected to Jira, all updates on Jira tickets (used to track work done to treat risks) are updated in Hyperproof automatically. This has provided major time-savings for Caldwell: he no longer has to log into Jira to check in on their progress, and all of the completed tasks in his risk treatment plan are automatically organized in Hyperproof as evidence for future audits.
Automated control review reminders
Outreach’s GRC team has created tasks to remind key individuals to conduct quarterly user access reviews. These tasks are sent out to the individuals automatically via Slack and email using Hyperproof’s integrations.
Outreach uses another integration with Okta to pull the list from Okta to access review control owners and verify that each user’s access aligns with their responsibilities. With the Okta integration, Outreach’s GRC team automates what used to be a manual process.
Hyperproof allows the GRC team to collaborate with control owners, helps to automate routine work, and gives us visibility into where things stand at any given time.
Josef Fukano
Director of GRC // Outreach
Conclusion
With Hyperproof, Outreach was able to create a single source of truth for compliance and automated routine, repetitive work, steamlining workflows and reducing work for teams across the organization.
To see the Hyperproof platform in action, schedule a demo with our team today.
