How DNIF achieved compliance and improved security credibility using Sprinto
DNIF is a cloud-native Security Information and Event Management (SIEM) platform enabling clients to detect and automatically react to cyber threats. Their data analytics platform is specifically built for customers with a large dataset who are finding existing SIEM platforms extremely expensive at scale. DNIF serves a broad category, including major BFSI businesses, data centers, automotive companies, and government establishments.


ISO 27001
SOC 2
USA
14 days
Time to SOC2 Type 2 and ISO27001 audit readiness
Challenge
DNIF plans to expand into western markets and wants to bolster its product offering by proving compliance with standards like SOC 2 and ISO 27001. Although the engineering practice is security-first and there are internal guardrails in place to ensure safe data handling, attestations would prove beneficial in making inroads into markets like the USA, which prefer and advocate for security compliance and certifications.
“Indeed, we take measures to create air-gapped environments for ensuring data security,” notes Harshal Dewoolkar, VP of Governance Risk Compliance at DNIF. “By aligning our product and practices with standards like SOC 2 and ISO 27001, we can confidently show our work. Unless assured by a third party, people don’t believe you are secure,” he adds.
Showing compliance adds a lot of weight to the product and the brand. It helps bridge the trust deficit.
Conversations with security experts underscored that traditional methods of getting compliant – chalking out their policy documents and working with auditors – would take at least 10 months. “We did not have that kind of time,” notes Harshal. Compliance automation platforms were recommended by his peers, and Harshal opted for a technology-first approach to security compliance.
Unlike others, Sprinto assured and offered the desired level of support we needed in our compliance journey.
Solution
DNIF decided to tackle SOC 2 Type 2 and ISO 27001 using Sprinto.
After integrating Sprinto into its tech stack, DNIF implemented compliance measures throughout the organization. “Launching compliance programs requires collaboration, and it helped when we explained to our team that the efforts they put in now will reap benefits over time,” notes Harshal. “The fact that this was all a technology-led effort also helped,” he adds.
What was doubly reassuring was the fact that DNIF’s systems were already operating on security-first principles. To comply with various requirements, they only needed to streamline processes, introduce the right policies and documentation, and get their employees to stick to the stringent compliance requirements.
For streamlining processes, DNIF adopted a ticket management system to help with tracking. “We started using JIRA for internal tickets to activities that are tracked, and records maintained audits,” says Harshal.
Simultaneously, using Sprinto’s comprehensive, editable documentation templates, DNIF leaped toward compliance readiness. Harshal recalls, “Documentation alone hinders the quantum of work done toward getting certification. I checked with some of my peers, and they spent around 4 to 5 months just creating the documentation. With Sprinto, we got done in 24 hours.”
Results
DNIF was SOC 2 Type 2 and ISO 27001 audit ready in 14 days.
Apart from achieving compliant status, Harshal adds, “From doing security ad-hoc and in a haphazard way, DNIF now operates ‘checklist-first.’ With Sprinto and its automated workflows, a system of accountability is in place.”
Beyond audit success, Harshal underscores an overall improvement in DNIF’s operational practice. “Compliance is incorporated in our routine,” he notes. Because all processes are tracked over tickets, including non-technical events like employee onboarding, training, and offboarding, DNIF can record the event and log it into Sprinto for monitoring compliance.
Sprinto has my back.
By influencing culture, DNIF takes delight in improving the organization’s overall security discipline. “Our people operate with a certain sense of responsibility now, and that’s a mindset shift that’s happened. It’s a good habit in place,” he adds.
Harshal also remarks on how Sprinto and our team made the journey a seamless experience. “No one has to go outside Sprinto to complete compliance tasks,” states Harshal. “It also gives them certain confidence [in the business].”
Today, in addition to using Sprinto to monitor compliance, DNIF leans on Sprinto to collect evidence and screenshots to fill out security questionnaires during IT reviews initiated by clients. He adds that the tool and the team are game changers for actively maintaining compliance posture and improving DNIF’s credibility and overall customer trust.
Security is something to be paranoid about. And a system of accountability and visibility is essential to proving security. Sprinto helps with this.