How HubEngage transformed compliance processes with Sprinto’s automation

HubEngage is an experience-focused employee engagement platform designed to help organizations connect, communicate, and coordinate with their employees better. Organizations and institutions across the world from sectors like healthcare, manufacturing, entertainment, hospitality, and automotive use HubEngage to streamline and elevate employee engagement initiatives.

  • SOC2

  • ISO 27001

  • GDPR

  • HIPAA

  • USA

  • 15 hours: Time to implement ISO27001 standard

  • 10%: Additional effort to layer on GDPR, HIPAA, and SOC2

  • 1 hour a week: Time spent overseeing compliance using Sprinto

Challenge

Customers of HubEngage tend to keep various kinds of personally identifiable information about their employees – from addresses and social security numbers to financial account information – on the platform. To ensure and offer assurance of safe data handling and top-notch SecOps practice, HubEngage decided to undergo an ISO27001 audit and certification.

Hiring a compliance consultant initially proved inefficient. Coordinating compliance and implementing processes felt tedious, long, and unproductive. Sunil Sarda, Head of Engineering at HubEngage, who oversaw the compliance program, said the consultant’s methods felt ‘outdated and lacking’. “Their process is like what I’d seen and used 15-20 years ago. It was tedious then and now,” he said. “You need a dedicated CISO and team to get compliant their way.”

While preparing for ISO27001 compliance certification, HubEngage realized manual methods slowed their progress. “We needed a proactive approach to security and compliance, instead of a reactive one,” notes Sunil.

HubEngage preferred a less manual solution, which involves little-to-no overhead and demands ‘less attention’. “This way we stay focused on product development,” adds Sunil.

HubEngage researched how similar startups handled security compliance and discovered Sprinto.

Sprinto emerged as an exceptional out-of-the-box solution that immediately convinced us with its compliance workflow automation capabilities.

Solution

HubEngage integrated with Sprinto and began the ISO27001 implementation. “During onboarding, our Sprinto CSM laid out a clear 2-week plan. We were excited to get started,” remembers Sunil.

One of HubEngage’s first steps was connecting their AWS and GitHub environments to Sprinto. The ability to isolate and classify resources as production and non-production allowed HubEngage to enforce compliance protocols efficiently. With GitHub, supported by integration with Dependabot, Sprinto swiftly identified vulnerabilities across repositories and promptly alerted teams to them. “By integrating these environments with Sprinto we could stay on top of security anomalies and get granular with our attention,” remarks Sunil.

By streamlining their cloud services and apps, Sprinto gave HubEngage a comprehensive view of security risks and controls against the ISO27001 standard. Sprinto’s automated compliance workflows helped HubEngage coordinate ISO27001 compliance across the company, keeping progress moving with timely, tiered alerts. “With Sprinto, I don’t need to add reminders to my calendar,” notes Sunil. “Sprinto alerts me to checks that pass, are due, or fail. Now, whether onboarding or offboarding employees or ensuring a solid disaster recovery plan, we have compliant workflows for all, managed through Sprinto.”

Sprinto’s built-in policy templates and documentation accelerated HubEngage’s progress toward ISO27001 compliance. “Thanks to version control, the platform maintains an updated record of all policies. I do not have to store and manage any document separately on a Drive,” remarks Sunil.

Sprinto gives a single-shot view of compliance. Controls that are common to all standards can be seen at once and this helps manage them better. There’s no need to involve a third party or a new resource to manage compliance.

Results

HubEngage completed ISO27001 implementation in 15 hours. “It was quite click-and-go!” says Sunil.

At the time of the audit, HubEngage simply added their auditor to Sprinto and shared compliance evidence over a common dashboard. “It was fairly zero touch – everything the auditor needed was already on the dashboard,” remembers Sunil.

Comparing this experience to the last one, Sunil quickly emphasizes how easy it is to manage compliance and audits on a platform. “Manual audits take an entire day and require everyone to be in the office,” he notes. “With a platform like Sprinto, we just have to give details over a dashboard and that’s it. You sit back and get the report. No extra effort or time.”

Now, HubEngage proudly announces its compliance with the ISO27001, GDPR, HIPAA, and SOC2 standards. “The product gets a lot more respect. The customers also give us a lot more consideration now that we are compliant with standards like ISO,” notes Sunil.

Yet, for HubEngage, moving past the manual methods of compliance was the single biggest win. “We care about being an advanced company,” states Sunil.

Today, Sprinto’s dashboard is HubEngage’s one-stop destination for monitoring and improving compliance. “When you know everything is connected, and 3000-4000 checks are happening automatically, hitting that 95% compliance mark is easy,” he notes. “Sprinto sends [compliance] alerts that go out on a regular basis and are managed on the platform. It is easy to see where we are succeeding and lacking. I think it’s a proactive approach to security and compliance,” Sunil adds.

“In essence, Sprinto is a ChatGPT for a CISO – it is automated up to the extent that human effort is negligible. This leaves me with more time to focus on the product instead of running behind compliances and security matters.”

Once Sprinto says you are compliant, you don’t have to doubt it.