How Clara built proactive compliance management and boosted responsiveness with Sprinto
Clara is the leading solution in Latin America for corporate expense management. Clara’s AI-powered platform integrates customizable corporate credit cards, reimbursement modules, and finance management in one place to automate operations and provide finance teams with the efficiency, control, and insights to make smarter decisions.
Key requirements
A platform supporting multiple frameworks, to centralize documentation and evidence collection, and enable real-time visibility and compliance monitoring via seamless integrations, with an aim to streamline audits, vendor assessments, and trust demonstration
Sprinto solution
A compliance management solution with extensive cloud integrations to automate risk and compliance tracking, centralize compliance documentation, and produce a real-time, consolidated view of compliance, enabling efficient vendor management and security questionnaire responses

ISO 27001

PCI-DSS
Brazil
70% faster security questionnaire responses
60% increase in risk responsiveness
Unified compliance management
Compliance-first security culture
The Challenge: Centralizing compliance management for smooth audits
At Clara, compliance is about more than accelerating enterprise deals; it’s also a crucial trust-building avenue, especially within the tightly regulated business landscape in which the company operates.
When Raquel Hernandez, VP of engineering, joined Clara, the company was in the process of getting its first PCI-DSS certification. However, due to the novelty of this mandate, evidence collection was manually driven and managed over multiple documents and spreadsheets.
“We were pretty much managing audits manually, so there was a ton of back-and-forth to build all the documentation we needed. We didn’t have a centralized system for monitoring, which made compliance reactive rather than proactive,” explains Raquel.
Keen on unifying audit management, the Clara team set about scouting for a compliance platform that could centralize control monitoring, take over busywork by integrating with their cloud stack, and bring visibility to the company’s posture to prove security to enterprise prospects.
With Sprinto meeting these criteria, and beating out other platforms due to wider framework coverage, the Clara team decided to integrate with the Sprinto platform to pursue ISO 27001 and manage their PCI-DSS audits.
Sprinto stood out for a few reasons–support for multiple frameworks out of the box, strong automation and integrations, and the team’s responsive, risk-first approach. Overall, the platform aligned well with our engineering culture.
The Solution: Automated compliance monitoring and real-time visibility, powered by rich integrations
Clara went live with the Sprinto platform in 4 weeks after onboarding.
The team customized Sprinto’s policy templates and linked policies to controls, set up the pre-built risk register, and leaned on the platform’s extensive integrations with Clara’s cloud stack (AWS, GitHub, BambooHR, Incident.io, and more) to start monitoring controls and auto-collecting evidence.
Sprinto’s Common Controls Framework (CCF) enabled the Clara team to identify overlaps between ISO 27001 and PCI-DSS frameworks and reuse controls–so the team could minimize duplicative work and get audit-ready faster.
The Clara team additionally leveraged Sprinto’s BYOC (Bring Your Own Controls) to add custom controls for Brazil’s data protection regulation (LGPD) and map these to pre-built, automated evidence collection workflows, wherever possible.
With Sprinto’s dashboard up and producing a real-time, consolidated view of Clara’s risks, vendors, assets, controls, and evidence, the team could actively monitor posture, reduce compliance workloads, and make compliance management a shared responsibility in the company.
“I’ve been through PCI audits before at a previous company, and it was pretty disruptive—we had to pull engineers off the roadmap and go all hands on deck just to get through it. At Clara, we’ve been more proactive, the engineering team was able to move smoothly without having to pause day-to-day activities, even during pre-work for PCI audits,” says Raquel, comparing audit prep with Sprinto to a manual approach.
After monitoring PCI-DSS and ISO 27001 controls for 3 months and steadily moving to audit readiness, Clara was ready to take on audits, which the company cleared with zero findings.
We’re actively monitoring our frameworks and working on what needs to be done to maintain our posture–whether that involves creating control and risk owners, keeping our risk register up to date, or regularly assessing our vendors. With Sprinto running automated checks we’re able to understand the state of our compliance in real-time.
The Results: Proactive compliance management and a compliance-aligned culture
As Clara continues to manage PCI-DSS and ISO 27001 compliance on Sprinto, the platform’s purpose has expanded from a tool to organize audit readiness efforts to a core part of how the Clara team approaches risk, security, and compliance.
“Sprinto is part of our compliance backbone. Outside of helping us maintain continuous audit readiness we use the platform to manage third-party risks, align with evolving regulatory expectations, and as a driver of efficiency in compliance management,” says Raquel.
Today, Clara has made its vendor due diligence process more organized and centralized by bringing vendor documentation, breach monitoring, and risk tracking under the umbrella of Sprinto’s vendor risk management (VRM) module.
The company has also made risk responsiveness up to 60% faster by connecting risks to controls on Sprinto, enabling accelerated risk identification.
“On Sprinto we get real-time information about risks, so we can stay one step ahead. We address risks as soon as they pop up,” Raquel adds.
Efficient trust demonstration has been the cherry on top, in no small part due to consolidating all of their vendor and security documentation in Sprinto’s knowledge bank.
Raquel explains – “All the information’s centralized making it easy to respond when prospects send us questionnaires. We typically receive multiple requests, so it’s really nice to be able to scale trust instead of having to respond manually every time. I’d say we’re about 70% faster at responding per questionnaire.”
Now the Clara team has set their sights on bringing further degrees of automation to how they manage vendors and increasing their compliance footprint in Latin America and beyond as they continue to scale new heights.
Sprinto has helped us shift the mindset around security compliance and embed it into our culture. As we continue to scale securely, we’re turning compliance into a strategic asset and not just a box to tick. Compliance is about trust building and operational excellence, and Sprinto has allowed us to leverage these for growth.