Qorus Software Uses Hyperproof to Gain Control Over Its Compliance Program
Bellevue, WA, USA
- SOC2 Type 2
Qorus is a global provider of sales enablement and proposal management platforms, allowing you to work anywhere to quickly and easily build targeted and compelling proposals, track their performance and provide collaboration across sales, marketing, and business development teams. Qorus was recognized by G2 with three awards, high performer, best support, and users love us, by its customers in 2020, and is expanding their presence in North America, with a growing roster of clients.
The company views its compliance program as a crucial element in its innovation strategy.“ At Qorus, we believe that maintaining an effective compliance program is crucial to the success of our customers, our employees and our business as a whole,” says Johan Olivier, Director of Compliance at Qorus.
“Further, a strong compliance program also allows our organization to stay resilient and nimble when our environment changes and the unexpected happens (e.g. COVID-19). As our business grows, it’s important to question every aspect of our business and understand how proposed decisions may change our risk profile so we can develop systems, processes and policies to mitigate those risks as they emerge. By maintaining a habit of on-going risk assessments and internal controls evaluations, we’re able to build our business on a strong foundation, adapt quickly to change — all while keeping our risk profile low.
Director of Compliance at Qorus
Lastly, a strong compliance program supports employee engagement and increased productivity. For employees to do their best work, they need to have clear guard rails for making decisions large and small. When we are able to translate our company values into clear, effective controls — policies, procedures and protocols — it simplifies decisions employees have to make and frees up time for them to do their best, most innovative work.”
Building an effective compliance program that supports the objectives of a global, fast-growing technology company is far from easy. There are people, process and technology challenges that Olivier and his team must solve. According to Olivier, the compliance team faces the following challenges:
- The team needs to create policies, procedures and technical safeguards that enable the organization to remain operationally flexible and resilient.
- Maintaining alignment between geo-distributed offices in Bellevue WA, and Cape Town, South Africa.
- The team has to meet traditional compliance requirements in a cloud-based, distributed, remote work environment.
- The team must translate hundreds of compliance program requirements from industry frameworks (e.g. SOC 2) into a well-structured plan with key milestones and progress monitoring.
- The team needs to collect, store and keep hundreds of evidence files up-to-date so they can pass the SOC 2 Type 2 exam and ensure that all internal controls stay current and relevant as the company grows rapidly.
Director of Compliance at Qorus
By using Hyperproof, Qorus achieved the following results:
Kickstarted SOC 2 with a pre-built template
Evidence always stays up-to-date
Stays on track with Hyperproof dashboards
Gained Control Over Their Compliance Program, Saved Time, and Built a Culture of Compliance
Before Qorus started using Hyperproof, Olivier felt that getting their compliance program into shape and ready for the SOC 2 Type 2 exam was a challenge. With Hyperproof’s out-of-the-box template for SOC 2, the compliance team had a solid plan to tackle the SOC 2 program.
“Hyperproof’s out-of-the-box SOC 2 template was structured in a way that immediately reduced the complexity involved in preparing for the audit. Hyperproof helped us understand the requirements domain by domain, so we could break down the requirements into smaller parts, form a plan to tackle each section. For instance, we could first look at the SOC 2 trust criteria—Privacy—and tackle that before turning over to the Security criteria,” says Olivier.
Further, with Hyperproof serving as a single source of truth for the company’s compliance program, Olivier could easily roll out compliance controls across geo distributed offices. Hyperproof was built for collaboration. It eliminates the need to use manual emails and calendar invites to remind colleagues to get their work done.
With Hyperproof, Oliver is able to invite team members and colleagues into the tool, assign tasks, and have people do their work directly on specific controls. Team members responsible for operating controls have access to Hyperproof; everyone can see exactly which controls they are responsible for, and when they need to provide up-date-evidence for the SOC 2 exam.
Hyperproof has also made gathering evidence much easier. The application allows Olivier and his team to upload existing documents using an intuitive interface, attach evidence to the appropriate control and immediately start reviewing them. Hyperproof allows Oliver’s team to dramatically reduce the amount of time they spend looking for evidence. As a result, the team gets time back to focus on other strategic work.
Director of Compliance at Qorus
A Team that Listens and a Product That Evolves Based On Customer Input
“In addition to the product, we have been impressed with the people at Hyperproof. The Hyperproof team is exceptional because they put their customers first. We feel like we’re on the same team. Our questions, feedback and suggestions are well-received. The Hyperproof engineering team’s approach to continuous deployment means the features we requested are rolled out faster than we’d expect,” says Olivier.
Why Qorus Started Looking for Compliance Operations Software
Qorus’ customers are security conscious organizations. To verify Qorus’ security posture, Qorus customers sent Olivier's team security questionnaires. Responding to these security questionnaires was a major tax on the compliance team’s time and slowed down the progression of new deals.
To solve this challenge, Qorus decided to pursue the SOC 2 Type 2 certification from the AICPA, because it represents a more efficient way to convey assurance and credibility to their customers. However, getting ready for the SOC 2 Type 2 exam poses several challenges.“Before we had Hyperproof, we tried to manage our SOC 2 effort in Excel spreadsheets, and email threads. We didn’t have a structured process for approaching this project, which led to duplication of effort. We weren’t clear on what certain compliance requirements meant, or how to best tackle the requirements piece by piece. The whole project felt so large and overwhelming”, said Olivier.
The team needed a tool that helped them translate the SOC 2 criteria into a well-structured plan, break down the key milestones, so the team can gain clarity on what needs to be done, complete the tasks and gauge progress day-to-day as they prepare for the SOC 2 Type 2 exam. Furthermore, the team wanted a faster, better way to collect, store, and keep all evidence up-to-date as the organization continues to evolve, and its policies and procedures mature.
“We chose Hyperproof because the team of experts at Hyperproof first advised us on how to get the job done, then they provided the tools. In this information age, we’re easily overwhelmed by the number of choices we make daily, including having to choose the most appropriate software tools to reach a specific goal. Instead of having to spend hours searching for the right compliance software, the team at Hyperproof helped us first appreciate an effective approach to compliance. Then, they offered us a very simple and powerful tool that gets us from point A to point B in the shortest, most accurate and direct way.”