How HubEngage transformed compliance processes with Sprinto’s automation

HubEngage is an experience-focused employee engagement platform designed to help organizations connect, communicate, and coordinate with their employees better. Organizations and institutions across the world from sectors like healthcare, manufacturing, entertainment, hospitality, and automotive use HubEngage to streamline and elevate employee engagement initiatives.


Frameworks: SOC2, ISO 27001, GDPR, HIPAA
Location: USA

15 hours: Time to implement the ISO27001 standard
10%: Additional effort to layer on GDPR, HIPAA, and SOC2
1 hour a week: Time spent overseeing compliance using Sprinto

Challenge

Customers of HubEngage tend to keep various kinds of personally identifiable information about their employees on the platform, from addresses and social security numbers to financial account information. To ensure safe data handling and sound SecOps practice, and to offer customers assurance of it, HubEngage decided to undergo an ISO27001 audit and certification.

Hiring a compliance consultant initially proved inefficient. Coordinating compliance and implementing processes felt tedious, long, and unproductive. Sunil Sarda, Head of Engineering at HubEngage, who oversaw the compliance program, said the consultant’s methods felt ‘outdated and lacking’. “Their process is like what I’d seen and used 15-20 years ago. It was tedious then and now,” he said. “You need a dedicated CISO and team to get compliant their way.”

While preparing for ISO27001 compliance certification, HubEngage realized manual methods slowed their progress. “We needed a proactive approach to security and compliance, instead of a reactive one,” notes Sunil.

HubEngage wanted a less manual solution, one with little-to-no overhead that demands ‘less attention’. “This way we stay focused on product development,” adds Sunil.

HubEngage researched how similar startups handled security compliance and discovered Sprinto.

“Sprinto emerged as an exceptional out-of-the-box solution that immediately convinced us with its compliance workflow automation capabilities.”

Solution

HubEngage integrated with Sprinto and began the ISO27001 implementation. “During onboarding, our Sprinto CSM laid out a clear 2-week plan. We were excited to get started,” remembers Sunil.

One of HubEngage’s first steps was connecting their AWS and GitHub environments to Sprinto. The ability to isolate and classify resources as production or non-production allowed HubEngage to enforce compliance protocols efficiently. Through the GitHub integration, backed by Dependabot, Sprinto swiftly identified vulnerabilities across repositories and promptly alerted the responsible teams. “By integrating these environments with Sprinto we could stay on top of security anomalies and get granular with our attention,” remarks Sunil.

By bringing their cloud services and apps together in one place, Sprinto gave HubEngage a comprehensive view of security risks and of their controls against the ISO27001 standard. Sprinto’s automated compliance workflows helped HubEngage coordinate ISO27001 compliance across the company, keeping progress moving with timely, tiered alerts. “With Sprinto, I don’t need to add reminders to my calendar,” notes Sunil. “Sprinto alerts me to checks that pass, are due, or fail. Now, whether onboarding or offboarding employees or ensuring a solid disaster recovery plan, we have compliant workflows for all, managed through Sprinto.”

Sprinto’s built-in policy templates and documentation accelerated HubEngage’s progress toward ISO27001 compliance. “Thanks to version control, the platform maintains an updated record of all policies. I do not have to store and manage any document separately on a Drive,” remarks Sunil.

Once the ISO27001 controls were in place, HubEngage moved on to implement GDPR, HIPAA, and SOC2 Type 1 controls. Since ISO27001 is a comprehensive security standard, HubEngage already had nearly 90% of the necessary controls in place. “We had to do some 10% more to meet GDPR, HIPAA, and SOC2 requirements,” remembers Sunil. “This included some nontechnical tasks like legal reviews and security training.”

“Sprinto gives a single-shot view of compliance. Controls that are common to all standards can be seen at once and this helps manage them better. There’s no need to involve a third party or a new resource to manage compliance.”

Results

HubEngage completed ISO27001 implementation in 15 hours. “It was quite click-and-go!” says Sunil.

At the time of the audit, HubEngage simply added their auditor to Sprinto and shared compliance evidence over a common dashboard. “It was fairly zero touch – everything the auditor needed was already on the dashboard,” remembers Sunil.

Comparing this experience to the last one, Sunil quickly emphasizes how easy it is to manage compliance and audits on a platform. “Manual audits take an entire day and require everyone to be in the office,” he notes. “With a platform like Sprinto, we just have to give details over a dashboard and that’s it. You sit back and get the report. No extra effort or time.”

Now, HubEngage proudly announces its compliance with the ISO27001, GDPR, HIPAA, and SOC2 standards. “The product gets a lot more respect. The customers also give us a lot more consideration now that we are compliant with standards like ISO,” notes Sunil.

Yet, for HubEngage, moving past the manual methods of compliance was the single biggest win. “We care about being an advanced company,” states Sunil.

Today, Sprinto’s dashboard is HubEngage’s one-stop destination for monitoring and improving compliance. “When you know everything is connected, and 3000-4000 checks are happening automatically, hitting that 95% compliance mark is easy,” he notes. “Sprinto sends [compliance] alerts that go out on a regular basis and are managed on the platform. It is easy to see where we are succeeding and lacking. I think it’s a proactive approach to security and compliance,” Sunil adds.

“In essence, Sprinto is a ChatGPT for a CISO – it is automated up to the extent that human effort is negligible. This leaves me with more time to focus on the product instead of running behind compliances and security matters.”

“Once Sprinto says you are compliant, you don’t have to doubt it.”