How Equalture got ISO 27001 compliant and increased sales velocity

Equalture, based in the Netherlands, offers neuroscience-based predictive hiring software that removes bias from the recruitment process and ensures objective hiring. Leading organizations worldwide, including FrieslandCampina, Randstad, and Vodafone, rely on Equalture to power their hiring programs.

ISO 27001

EU

Time to ISO27001 readiness: 4 sessions

Challenge

Equalture aims to bring hiring into the 21st century – away from cover letters, alma maters, and biases – by using neuroscience. As the company grew, it expanded its offerings to include game-based hiring assessment solutions for companies of various sizes – from startups to scale-ups to enterprises. However, in doing so, it encountered a common problem.

Sales conversations with enterprise companies were often derailed by lengthy security questionnaires. Jaap Haagmans, CTO of Equalture, was responsible for filling out these questionnaires and noticed that they took up a significant amount of critical bandwidth. To make matters worse, some companies would refuse to book demos with Equalture if they found out that the company was not compliant.

“We saw that if you answered ‘no’ to the question, ‘Are you ISO 27001 certified?’, about 160 more questions came up,” remarks Jaap.

Because security questionnaires had started to affect sales cycles and closure rates, Equalture decided to get ISO 27001 compliant. Given his experience with compliance at previous, bigger firms, Jaap sought out a compliance automation partner and, after assessing multiple vendors, chose Sprinto.

Sprinto was very hands-on and transparent. One of the things that were nice in the sales process was being walked through the dashboard, being shown what happens, and outlining how much time it was going to take.

Solution

As part of Equalture’s onboarding, a Sprinto CSM conducted an initial call to create a list of to-dos for ISO 27001 implementation. Jaap followed the checklist created by Sprinto, starting with HR processes such as policy acknowledgment and security training. Over four expert-led sessions, Jaap gained confidence in both Sprinto and the platform. Once their tech stack was integrated with Sprinto, he began implementing technical controls himself via the dashboard.

“Sprinto makes things visible. You can see exactly where you are compliant and not. Every time we enabled a new check, that number would go down, and I’d be motivated to get that up again. The dashboard really kept us going!” remarks Jaap.

Since Equalture handles swathes of personal data, they already followed security best practices to a large degree. To meet ISO 27001 standards, Jaap only had to focus on tightening up security measures and bolstering the practice with the right policies and documentation. These policies and documentation would crystallize compliance while also ensuring transparency around how data is handled by employees across role categories.

Comparing the compliance process at Sprinto with his previous experiences at other organizations, Jaap noted that the communication through their journey is what stood out to him the most. “Every question is answered within 24 hours. Responsiveness, guidance, and the human touch definitely help.”

Working with Sprinto was easy, we never felt lost, and it was always clear what needed to be done and what hadn’t been done yet. And if there’s one USP, then that’s it.

Results

Equalture achieved ISO27001 audit readiness in under 8 weeks. The auditor interaction was carried out over the Sprinto dashboard, and Jaap recalls speaking to the auditor only once – during the introduction call to decide which auditor to proceed with. Equalture’s ISO 27001 audit, tagged to Sprinto, took less than a month. They received certification 2 weeks after completion, with no exceptions. Building on this success, they also pursued compliance with GDPR.

For Jaap, the biggest win was completing the entire ISO 27001 audit and certification process faster than he’d anticipated – less than a quarter. “I had a deadline to meet and we achieved compliance well within that time frame!” he recounts.

“Customers now have a lot more comfort in working with us, in continuing to work with us, or rolling us out to the entire organization,” notes Jaap. “With questionnaires, now it’s really convenient for us to say ‘yes we’re ISO compliant’, and them thinking ‘okay it’s probably going to be fine’,” he adds.