How GeoIQ got SOC 2 and ISO 27001 certified in 3 months using Sprinto
GeoIQ, based in India, is an ML-based locational intelligence platform. It produces the value of any location based on demographic, healthcare, commercial, and other data, which is generated as easily consumable layers on maps. Leading fintech, hyperlocal delivery, and retail businesses use GeoIQ to gain a comprehensive insight into demand models for any location.

ISO 27001
SOC 2
India
2 weeks: Time to SOC 2 and ISO 27001 audit readiness
3 months: Time to complete multi-standard audit and receive certification
Challenge
GeoIQ built its infrastructure with security in mind, given that it is a platform capable of consuming and processing over 600 types of datasets, including sensitive personal information. However, despite their security-first and compliance-friendly approach, GeoIQ encountered a major roadblock in their efforts to expand into the U.S. market. ISO 27001, SOC 2, and HIPAA frameworks were basic requirements to acquire U.S. customers. Furthermore, maintaining audit evidence, answering long IT questionnaires, and managing policy documentation, all of which were extremely manual tasks, consumed a lot of time, and increasingly became unmanageable.
GeoIQ needed a fast, structured, and one-stop solution to gain security certification for multiple frameworks and break into the U.S. market.
Solution
GeoIQ integrated Sprinto to streamline a multiple-standard compliance program and manage audit requirements.
As each standard involves many common controls and checks, GeoIQ decided to tackle ISO 27001 and SOC 2 at once. “Since the modules were interrelated, we could roll out a more overarching, exhaustive compliance program instead of worrying about what we need to do for each standard,” remarks Rishi Agrawal, VP of Engineering & Information Security Officer at GeoIQ.
The journey began with organizing the PeopleOps function around the larger idea of compliance. Equipped with a structured plan and documentation from Sprinto, GeoIQ rallied the organization around the importance of security compliance and clarified the upcoming steps.
Meanwhile, GeoIQ focused on onboarding and tagging all infrastructure to Sprinto. “We have hundreds of AWS Lambdas and EC2 machines. We had to tag every S3 bucket as either production or non-production. This was a little bit of a task, but it was a one-time effort,” notes Rishi.
Sprinto’s UX played a key role in moving GeoIQ towards its compliance readiness goal. Rishi says, “Each aspect of compliance is comprehensively covered and categorized. With just one click, you can see how each entity is faring in terms of compliance, including people, policies, and systems.”
Sprinto is an easy 9/10 for ease of use
The comprehensive nature of the platform enabled GeoIQ to move fast, gain useful insight into assets, including people and policies, that connect to each standard, and remediate in time. Says Rishi, “Because checks against each control come pre-built, the platform also feels easy – you don’t have to figure these things out on your own.”
Using Sprinto, GeoIQ was able to implement sweeping compliance guardrails around the entire organization. This involved creating detailed security policy documentation, configuring access management, providing security and privacy training to employees, ensuring policy acknowledgments, and other related tasks. “With alerts configured,” notes Rishi, “we only have to address the issues that are flagged.”
Results
In 2 weeks, GeoIQ was ready to enter a multi-standard security audit.
The common control mapping feature eliminated the need to perform the same checks across standards with overlapping requirements – a functionality that significantly reduced the overall time and effort. “It’s a one-time effort that pays dividends over time,” notes Rishi.
Sprinto’s auditor platform helped to make the overall audit experience quick and seamless. Collecting and sharing audit evidence was also hassle-free. Says Rishi,
“The audit was painless! We anticipated it was going to be harrowing given the scope and our experience with client IT reviews. But it was extremely seamless.”
GeoIQ received its SOC 2 Type 2 audit report and ISO 27001 certification in 3 months.
Emphasizing the importance of maintaining compliance, Rishi highlights Sprinto’s role in ensuring continuous audit success. “Sprinto fills competency gaps. Many of our processes now follow a structured, compliant approach, whether it’s onboarding, offboarding, or matters related to asset management,” notes Rishi.