How Sprinto empowered Apty and ensured on-time audit
Apty is a digital adoption platform that helps businesses scale and accelerate growth without IT overheads. It enables midsized and enterprise companies to adopt software more quickly through step-by-step on-screen training and automated process compliance. Apty has a monthly user base of roughly one million that includes leading companies like Delta Airlines, Mattel, Hitachi, and more.
ISO 27001
SOC 2
USA
40 days: Time to SOC 2 Type 1 audit readiness
15 days: Time to achieve ISO 27001 compliance
Challenge
Apty was struggling to close new deals – large clients were unwilling to partner unless Apty was SOC 2 compliant. With no prior experience, Apty struggled to navigate the rigors of security compliance. Figuring out auditing requirements manually and using Google to understand compliance-speak only added to the chaos and apprehension. “I was constantly worried if I’m doing something wrong and the stress was mounting,” says Roshni Sanamannavar, Head of People and Culture at Apty, who led the compliance exercise for the startup.
At first, Apty explored working directly with an audit partner. However, this turned out to be a dreadful experience – harsh feedback and difficult conversations only dented team confidence. Multiple meetings with the auditor and a lack of clarity led to excessive stress and bandwidth drain across functions.
Next, Apty partnered with Vanta, a compliance automation tool. “Vanta operated more as a monitoring tool,” remembers Roshni. “There were also gaps in policies and how they were mapped to controls,” she adds. Despite dedicating valuable time and resources to Vanta, Apty struggled to achieve audit readiness even after a year of using the tool.
With the project at a standstill and no considerable progress, Apty switched to Scrut, another compliance automation platform. Despite promising initial discussions, the platform’s limited automation capabilities and generic policies necessitated extensive manual work on Apty’s part. “Using Scrut felt like using an Excel sheet,” remarks Roshni. Insufficient support, unclear communication, and a rushed audit resulted in a six-month delay, made compliance challenging, and eroded the team’s trust in the tool.
Finally, Apty partnered with Sprinto just two months before their SOC 2 auditing deadline.
“Right from the first conversation, we were sure Sprinto could help us get to the finish line.”
Solution
Recognizing the tight deadline, Sprinto established a clear action plan and a guided implementation schedule for Apty. Because the policies from their previous vendor were generic and didn’t align well with Apty’s organizational structure, Sprinto provided new, cloud-specific policy templates. These templates allowed Apty to create better, more customized policies from scratch that effectively fit their specific needs and situations. Sprinto also connected Apty with suitable auditors to ensure audit-aligned activities right from the start.
With policies in place and training completed, Apty turned to Sprinto to map assets and entities falling within the compliance scope. Roshni highlights, “With Sprinto, we could classify our assets in AWS, for example, in a simple click-and-go manner. This ensured that we covered everything necessary to meet compliance, without overlooking anything.”
Subsequently, Sprinto’s automated control testing and evidence collection capabilities played a pivotal role in helping Apty prepare for its SOC 2 Type 1 audit on time. With evidence collected and sampled on a dedicated audit dashboard, Apty was able to aggregate and organize its audit artifacts in a single place for a quick and seamless review.
“Everything is structured very well inside Sprinto. I don’t need to look at anything unless there’s a failing task notification in my inbox.”
Throughout, the platform enabled Apty to monitor security controls in real time and make progress in every aspect needed to achieve compliance. Roshni recounts how Sprinto made it easy to aggregate all third-party vendors, monitor controls for each of them, and establish policies to ensure airtight compliance across the board.
Results
Even though Apty had to start from scratch, they were able to attain SOC 2 Type 1 audit readiness within one month of implementing Sprinto.
Leveraging Sprinto’s common control mapping capabilities, Apty felt confident in adding more compliance programs. By mapping commonalities and reducing redundancy in control testing and evidence collection, Apty avoided common effort traps to achieve ISO 27001 compliance and complete the audit in just 15 days.
Sprinto-led automated checks and workflow triggers drastically reduced erroneous effort and nudged Apty towards audit readiness at top speed. Compared to other platforms, Apty saw a marked difference in ease of audit readiness and final audit experience. Remarks Roshni,
“Throughout, Sprinto kept us organized and on track.”
Sprinto has also significantly contributed to cultivating a culture of prioritizing compliance at Apty. What used to be a one-person effort involving manual, repetitive, and resource-intensive tasks, along with the need to seek evidence from various departments, has transformed into a fully automated, end-to-end process.
“Now it’s more organized, structured, and streamlined. We can now confidently assure our customers that we’ve followed the correct procedures,” says Roshni.