Solution

Happay started by enabling the SOC 2 Type 2 audit readiness program on Sprinto. With their cloud stack tightly integrated with the platform, Happay was able to move a large part of the control implementation and monitoring activities to Sprinto. These activities could then be tracked and tackled according to the requirements of the standards.

For non-technical aspects of SOC 2, Gourav leaned on the PeopleOps function at Happay to drive compliance. “In the very first meeting, we scoped out all people-related activities and got the HR team onboarded. People, after all, have the biggest impact on compliance outcomes,” notes Gourav.

To orient the overall organization towards SOC 2 requirements, new policies needed to be drafted and implemented. Happay expedited this requirement using Sprinto’s built-in policy templates and policy acknowledgment module. “It was easy to publish and update policies in a single place, instead of creating multiple policy folders and sharing them with everyone over emails,” remarks Gourav.

Sprinto is an easy 8.5/10 in terms of usability and presence. It is familiar and interactive to the point that you can make a mind map easily and move forward with confidence.

To ensure strictness in technical controls, Happay utilized Sprinto’s built-in security tools to double down on its efforts. Gourav notes that these embedded features were very useful, especially integrating with Sprinto’s SL scan. This integration provided deeper visibility into code bugs and vulnerabilities, which complemented their own efforts.

For Happay, Sprinto’s continuous compliance monitoring capabilities and automated alerts proved to be the most useful levers in driving compliance and achieving audit readiness. Throughout, by automatically tracking compliance drift, Sprinto raised alerts to the right roles within the org and triggered follow-ups to drive timely remediation.

Additionally, actionable alerts supported by clear workflows ensured Happay’s compliance function was not bogged down by administrative tasks. “If I post a device status reporting requirement today, I can immediately see who the requirement is sent to, who has completed it, and who is facing problems. The dashboard provides immediate visibility,” notes Gourav. He adds,

Technical aspects of compliance are easy. It’s the collaboration with people that is stressful. Initiating policies, granting access, training employees, reviewing policy changes, and ensuring everyone acknowledge the changes can be a lot of mundane work. Sprinto gives me the ability to launch and manage all of these tasks from one place, with just a few clicks.

After implementing SOC 2 controls, Happay also decided to enforce GDPR controls. As the technical aspects of compliance were already covered by the SOC 2 implementation, the only effort spent was on ensuring the legal parts of GDPR compliance. Sprinto connected Happay with legal experts specializing in DPA as well as an EU representative. Since then, Happay updated its policies to reflect GDPR readiness and implemented measures that uphold GDPR compliance.

Results

Happay achieved SOC 2 Type 2 audit readiness in about 5 weeks. They completed the audit following 4 months of observation, completed within a month of kickoff. Additionally, Happay became GDPR compliant during the same period.

Armed with the SOC 2 Type 2 audit report, Happay has successfully catalyzed sales and closed multiple enterprise deals.

The uptick in sales and renewals aside, as an infosec leader, Gourav is thrilled about having a lean and streamlined compliance practice, supported by Sprinto’s technology and experts. “A large portion of security compliance involves operations and administrative work. Sprinto adds the most value by automating this process end-to-end,” notes Gourav. “The team behind Sprinto is equally commendable. They problem-solved with us every step of the way, going over and above some days. That gave me a lot of faith,” he adds.

With Sprinto embedded in its operations, Gourav believes Happay is adequately equipped to launch new compliances with minimal friction. Sprinto gives an instant assessment of Happay’s readiness for other security standards through common control mapping, which enables quick and informed actions as needed. “Because you can see it, it is easy to act on it,” remarks Gourav.

My job was to turn compliance from a project into a function that exists at all steps of Happay. Sprinto has helped to realize this.