Case Study

Outreach Streamlines and Automates Security Assurance Work With Hyperproof

Outreach

Frameworks: SOC2 // ISO 27001 // ISO 27701 // HIPAA // SOX

Outreach

Outreach is a market-leading sales execution platform that manages and automates customer interactions throughout the sales cycle, resulting in increased productivity and revenue lift.

Product Used: Compliance Operations Module, Risk Register Module, Vendor Risk Management Module

Quick Facts: Software Service Provider // Seattle, WA

75% reduction in audit prep time

35% reduction in evidence requests for other teams

2X: Able to manage 2x the amount of audits

50% reduction in time spent on evidence collection, collaboration, and project management

The Challenge

As a fast-growing global tech company, Outreach needed to be compliant with numerous data security, data privacy, and financial frameworks like SOC 2, SOX, ISO 27001, and ISO 27701. As their compliance requirements grew, so did the amount of work for Outreach’s GRC team and control owners across the organization. Outreach’s need for a single solution that could serve as SOX, SOC 2, and ISO compliance software became critical. Josef Fukano, Director of GRC at Outreach, and Mike Caldwell, Senior Program Manager of GRC at Outreach, wanted a platform that provided a single source of truth for compliance and automated routine, repetitive work.

We were using Google Sheets to manage SOC 2 and ISO certification and we needed a platform that kept a pristine list of controls for easy review.

Josef Fukano

Director of GRC // Outreach

The Solution

No more messy spreadsheets

Outreach is able to manage SOC 2, ISO 27001, and ISO 27701 audits by managing their controls in Hyperproof, as opposed to using individual spreadsheets. “Hyperproof has made a big difference in helping us mature our compliance operations in just a few months,” says Caldwell.

With Hyperproof, we stood up 5 different programs, nearly 1,000 controls, multiple Labels, used Hyperproof to manage 1,500 pieces of evidence, and engaged with 47 users and contacts across our organization.

Mike Caldwell

Senior Program Manager of GRC // Outreach

Easy implementation

Outreach saw that Hyperproof was more intuitive and easier to implement than any other GRC tool or SOC 2 compliance software they’d evaluated. “With Hyperproof, we were able to build a central system for managing compliance operations in just a few months, all while using the tool to prepare for our upcoming audits,” says Fukano. “Hyperproof is intuitive enough to be used by employees who don’t have any experience in compliance.”

With Hyperproof, the learning curve is low; you don’t need a training session for everyone you onboard.

Mike Caldwell

Senior Program Manager of GRC // Outreach

A single source of truth for all controls

Hyperproof also met Outreach’s core needs for a GRC platform, which include gaining a single source of truth for all controls, collaborating with process/control owners across the organization, and automating repetitive tasks. “With Hyperproof, we can immediately understand our compliance posture because it provides a single source of truth more reliable than Google Sheets,” says Caldwell.

Hyperproof was useful on day one. We were able to quickly import our existing controls into the platform.

Mike Caldwell

Senior Program Manager of GRC // Outreach

Automated evidence collection

Outreach uses Hyperproof to conduct internal audits in preparation for formal external audits. They upload evidence for each control into Hyperproof using Labels to keep track of evidence specific to the internal audit.

Powerful integrations

Outreach set up key integrations with third-party tools like Jira to streamline collecting evidence for control testing and internal audits. Hyperproof’s integration with Jira helps the firm quickly communicate with its Engineering team to document risk treatment plans for the company’s top risks. Once Hyperproof is connected to Jira, all updates on Jira tickets (used to track work done to treat risks) are updated in Hyperproof automatically. This has provided major time-savings for Caldwell: he no longer has to log into Jira to check in on their progress, and all of the completed tasks in his risk treatment plan are automatically organized in Hyperproof as evidence for future audits.

Automated control review reminders

Outreach’s GRC team has created tasks to remind key individuals to conduct quarterly user access reviews. These tasks are sent out to the individuals automatically via Slack and email using Hyperproof’s integrations.

Outreach uses another integration with Okta to pull the list from Okta for access review control owners and verify that each user’s access aligns with their responsibilities. With the Okta integration, Outreach’s GRC team automates what used to be a manual process.

Hyperproof allows the GRC team to collaborate with control owners, helps to automate routine work, and gives us visibility into where things stand at any given time.

Josef Fukano

Director of GRC // Outreach

Conclusion

With Hyperproof, Outreach was able to create a single source of truth for compliance and automate routine, repetitive work, streamlining workflows and reducing work for teams across the organization.
