Case Study

How Thales Leveraged Hyperproof to Integrate Risk, Compliance, and Audit Management


Frameworks: ISO 27001, SOC 2®, PCI DSS, HIPAA, +3 more

Thales

Thales is a global technology leader with more than 83,000 employees on five continents. Thales provides solutions, services and products in the markets of defence, aerospace and space, cyber, and digital to help their customers carry out their critical missions.

Product Used: Risk Module, Compliance Module, Scopes

Quick Facts: Aerospace and Defence // Global

The Challenge

Navigating global data compliance and ensuring secure SaaS solutions

As Thales expanded their product lines and acquired new entities within their cybersecurity business, their compliance landscape grew increasingly complex. The team needed a modern governance, risk, and compliance (GRC) solution that could scale with the business, streamline operations across teams, and reduce the manual burden of meeting evolving regulatory demands. Thales actively manages several compliance initiatives, including ISO 27001, SOC 2®, and CSA STAR, while preparing to add future frameworks such as FedRAMP and PCI DSS. With customer demands continuously evolving, the team sought a solution that would allow them to easily onboard new certifications by reusing existing controls and mapped requirements.

Need to mediate between auditors and stakeholders

Because audit requirements do not map one-to-one onto the way each requirement is interpreted in the organization’s environment, Thales’s GRC teams play a key role in facilitating communication between auditors and other stakeholders. While this ensures alignment, it can result in a less streamlined process, making audit management more challenging.

Difficulty managing multiple audits across teams and product lines

With multiple product lines and four internal compliance teams — including teams from recent acquisitions — Thales needed a platform that could flexibly support varied control environments. Each team operated with slightly different processes and requirements, depending on the product. Thales needed visibility into these differences to drive alignment and streamline efforts over time. As Thales added new products to existing certifications, they required a scalable approach to managing overlapping and product-specific controls without having to start from scratch each time.

Managing multiple audits per year and data across different product lines was no longer scalable. Thales needed to streamline ownership of controls and evidence collection with internal subject matter experts and stakeholders, as tracking the status of each audit had become a complex task.

Lack of visibility into integrated risk management activities

Thales needed visibility into their risk management activities and compliance posture to prepare for internal audits. With existing disparate systems and tools, they needed a repository for collecting audit evidence, documenting controls, and effectively tracking risks. They also needed the ability to tie risk management, internal audit, and compliance activities together to operationalize their processes.

Need for software with intuitive reporting and seamless UI/UX

The Thales GRC team members had previously used GRC platforms where initial setup and naming conventions posed challenges. They were also familiar with risk and compliance software that was difficult to navigate, rigid, and unintuitive. Many of the systems they had used were complex and required additional guidance for effective utilization. Finding the right solution was paramount to the success of their GRC program.

Hyperproof is an easy-to-use, control-centric compliance operations software that helps us gain compliance visibility and realize efficiencies.

Andrea Lake-Johns

Cloud Services Compliance Officer, Thales

Solution

Simple onboarding with guided implementation

The Hyperproof team’s flexible approach helped the Thales GRC team adjust their changing priorities throughout implementation, still hitting all milestones to completion in time for their PCI DSS audit. “The Implementation team was detail-oriented, very articulate, and knowledgeable about the features and functionality of Hyperproof to help address our questions,” says Jerry Aguilar, GRC Manager at Thales. “Our implementation manager was always responsive and kept us in the loop when dealing with our escalations.”

The guided implementation made a significant impact. The team was highly professional and supportive.

Cynthia Yin

Head of Cybersecurity Products GRC, Thales

Streamlined audit management and reporting

With Hyperproof, Thales has full visibility into their external audits. With a reporting dashboard for each audit, they’re able to understand where they stand at any point in time. Whether they’re comparing evidence request lists or the evidence provided across various audits and auditors, the ability to see audit progress in real time is invaluable to their teams.

Improved user experience and ease-of-use

Hyperproof required no in-depth training to get set up. The Thales GRC team leverages Hyperproof’s customization and intuitive UI and UX by using a different numbering scheme, adding or removing a custom field, and more. Navigation is simple, with a short learning curve. They love the way objects can be linked to multiple other objects and that nothing is set in stone. For example, the name of a proof or a label can be changed, and that change will propagate to everywhere that object is linked.

Templates to stand up programs quickly

With the built-in requirements templates and controls, it was quick for Thales to get PCI DSS and ISO 27001 programs set up. With Hyperproof-supplied control and requirement wording, it was simple to get started. Setting up external audits is also quick and easy for the Thales GRC team, with request list templates built right into Hyperproof.

Enhanced risk visibility and compliance efficiency

Hyperproof helps Thales prioritize risk remediation efforts by providing a single repository to view risks, helping them assess and categorize risks based on their potential impact and likelihood. With Hyperproof’s real-time data and customizable risk metrics, they can streamline the identification of critical risks and compliance gaps that need immediate attention. The Thales GRC team also uses Hyperproof to map requirements reliably across multiple frameworks. Hyperproof’s control mapping enables Thales to understand what steps they need to take to implement new frameworks at a glance, and the platform’s reporting capabilities help them answer stakeholder questions about adopting new frameworks quickly and accurately.

Hyperproof empowers us to make data-driven decisions that enhance operational efficiency and proactively manage risk.

Cynthia Yin

Head of Cybersecurity Products GRC, Thales

Easily identify gaps and control inconsistencies with Scopes

With Scopes, Thales’s GRC team has quickly pulled their compliance programs into one place, allowing them to have different control postures as they move toward complete control consistency across the organization. From there, the teams can easily see gaps and inconsistencies in control operations and filter views to get rich, targeted reporting. Hyperproof’s Scopes feature has helped Thales integrate new product lines faster because they can now quickly identify differences across controls and remediate them.

The dashboard provides a clear, up-to-date view of our risk landscape, enabling us to monitor key risks and track compliance metrics seamlessly. Its real-time data ensures that leadership is always informed of the current risk status, helping them make timely and data-driven decisions.

Cynthia Yin

Head of Cybersecurity Products GRC, Thales

Efficient proof and evidence management

One of the Thales GRC team’s favorite Hyperproof features is the ability to reuse evidence across multiple frameworks. With Hyperproof, Thales only needs to upload evidence once and can repurpose it across all of their programs, saving hours of time and effort. Being able to easily leverage the proof collected by others, as well as locating proof via search and Labels, is another highlight for the team.

By centralizing governance, risk, and compliance data, Hyperproof enables us to report on and mitigate risks more efficiently, ensuring ongoing compliance and regulatory adherence.

Cynthia Yin

Head of Cybersecurity Products GRC, Thales

Ready to take command of your compliance and risk operations?

To see the Hyperproof platform in action, schedule a demo with our team today.