How InfiniteDATA automated security and achieved compliance with ISO27001 and SOC2 using Sprinto

Poland-based InfiniteDATA is a cognitive automation solutions company focused on helping large and enterprise businesses unlock efficiencies through business process automation. Leading Fortune 500 companies from across sectors like manufacturing, banking, telecom, and insurance rely on InfiniteDATA to automate different workflows and processes.

ISO 27001

SOC2

Europe

<30

Time to complete SOC2 and ISO27001 implementation

5 mins/day

Effort spent monitoring compliance

Challenge

As an automations company, InfiniteDATA naturally defaults to efficiency. “We move fast! We are 4-5 times quicker [than our competitors] when it comes to testing new features and rolling them out,” notes Miroslaw Andziak, CEO and board member of InfiniteDATA. “To do this effectively, it’s important to have a strong security practice. We think about security strategically and have a robust internal practice that allows us to develop well and deploy fast,” he adds.

L-R: Mirosław Andziak (CEO) & Tomasz Gorzkowski (COO) of InfiniteDATA

While an internal security practice grounded in solid strategy frees up teams at InfiniteDATA to focus on quality and performance, it did little to address concerns and constraints levied by their customers. “Our customers come from highly regulated industries. They want their vendors to be secure. During the RFP process, while we could explain in great detail all that we do to safeguard data, it’s tedious and time-consuming,” notes Miroslaw.

Showing compliance with standards like ISO27001, SOC2, GDPR is when we speak the same language. Compliance checks the security box in a way that is easy to grasp – for our customers and auditors. It’s really pragmatic.

So that [security] expectations hold true, InfiniteDATA decided to pursue compliance with ISO27001 and SOC2 – the two most recognized and regarded compliance standards for their customers.

When it came down to choosing a compliance partner, Miroslaw saw little value in working with consultants, even when they have decades of experience. “You have to abide by the consultant’s schedule – it can get disruptive,” he notes.

When Miroslaw came across Sprinto, he was immediately drawn to the promise of automation-enabled compliance. “We saw tremendous value in bringing these frameworks together and having a single point to implement these standards. It felt very efficient,” he remarks. “Sprinto felt groundbreaking!” he adds.

To level up to universally accepted standards of security and prove compliance, without disrupting infrastructure architecture and larger operational practice, InfiniteDATA decided to implement Sprinto.

Solution

InfiniteDATA implemented Sprinto to operationalize both ISO27001 and SOC2. “There was significant overlap between the two, and so we decided to do both at once,” notes Miroslaw. “It was also more efficient this way,” he adds.

Sprinto’s API-based approach pulled risk information from across InfiniteDATA’s operating environment, which was measured and mapped via an integrated risk assessment exercise. With risks mapped to the controls of both frameworks, InfiniteDATA only had to intervene to configure controls, systems, and policies to manage risk arising from vulnerabilities and misconfigurations, and uphold compliance. “I liked that Sprinto did not force major changes to our infrastructure. Sprinto could slice and dice our systems and collect information on its own,” notes Miroslaw.

“Sprinto was also extremely easy to use. We were alerted anytime something deviated from the standard, and we are 3 clicks away from resolution,” he adds.

Over 10 guided sessions with a Sprinto compliance expert, Miroslaw and two members of InfiniteDATA’s engineering and security teams worked on completing compliance tasks. “Not only did we become compliant quickly, but our CSM went above par to connect us with a suitable auditor and continued to consult with us for this leg of the activity,” remarks Miroslaw. “The entire certification process was painless!”

The real value of Sprinto is that everything is laid out clearly and transparently – you cannot fail. All aspects of security and compliance are on one window and that makes management easy.

Results

InfiniteDATA completed both SOC2 and ISO27001 implementation in under 8 weeks.

While he spent less than 30 man-days in total on the entire exercise, Miroslaw is quick to note the flexibility that was afforded to him and his team was extremely valuable. “Had we worked with a consultant, we’d have been locked into a “project”, perhaps for months. Sprinto fit our operations – we could slow down and pace up when we wanted to. We did not feel rushed at any point.”

Having received their SOC2 audit report and ISO27001 certification, Miroslaw notes an improvement in InfiniteDATA’s overall ability to prove capability. “So far we could assure our customers about our product’s quality, now we can prove high standards of security and people practices,” he adds. “Now, we can tell our customers the kinds of standards we comply with and share controls and metrics to let them know they are safe with us,” he continues.

Demonstrating compliance is also helping InfiniteDATA improve its RFP response time. “We can check all the boxes. Security-wise, there are no concerns about how we deliver our product and other processes. This message we are proud to share with our customers,” says Miroslaw.

With clear visibility into security risks and controls, InfiniteDATA leans on Sprinto to ensure compliance. Miroslaw notes, “Because Sprinto is embedded into our day-to-day, it alerts us as soon as something goes wrong. This way we can stick to compliant behaviors.”

To grow as fast as we want to, you need to have everything in one place, under control, and one click away from resolution. This way of security complements success and scale.