How Sprinto gave Intellect the confidence to achieve its compliance goals
Intellect, a Singapore-based modern mental health company, helps businesses of all sizes launch and effectively manage mental health programs. Using Intellect’s platform, organizations can champion mental health and support personalized mental health journeys tailored to each individual’s needs. Intellect is recognized as a leading ‘corporate wellness provider’ and is one of the highest-rated mental health apps on AppStore and Play.
ISO 27001
Singapore
90 days: time to achieve ISO 27001 compliance
4x: efficiency compared to other compliance automation platforms
Challenge
Although Intellect was adhering to PDPA obligations, tapping into formal compliance and bolstering their product and business with compliance certifications was necessary to secure interest from large businesses.
When Intellect decided to pursue ISO 27001 compliance, it onboarded security consultants and freelancers to navigate the requirements. However, they struggled to meet the requirements for active control monitoring, runtime visibility, and the associated reporting. “That’s a purely human shortcoming,” notes Anurag Chutani, co-founder and CTO at Intellect. In light of these requirements, Intellect brought on Vanta, a compliance automation platform, to achieve its control mapping and monitoring goals, but it struggled to build a compliance baseline and chart a clear path to completion.
With our earlier compliance automation platform, we spent 12 months trying to figure out how to go for compliance and we could not figure it out. We only managed to achieve 30% of our compliance goals that first year.
Despite their initial expectations of achieving compliance and completing the audit within 3 months of implementing this platform, Intellect faced significant challenges in meeting even the most basic compliance requirements with their previous compliance automation provider.
In order to meet their compliance goal as planned, Intellect switched to Sprinto on a peer’s recommendation.
Solution
A detailed scoping exercise between Sprinto and Intellect made clear what each aspect of ISO 27001 compliance requires in terms of effort and time. “Our earlier platform failed to set the right expectations with us. 4-8 weeks are needed just to complete policies,” remarks Anurag. With a clear timeline and guided platform implementation sessions led by Sprinto’s compliance experts, Intellect was ready to get started with ISO 27001 program implementation.
Over 10 sessions with Sprinto, Intellect covered ground, one clear step at a time. They started with policies and made use of Sprinto’s pre-built templates to build their own. “Policies are critical. We wanted our policies to be comprehensive and airtight. So, we committed to working on this right at the start,” remembers Anurag.
Connecting their cloud stack to Sprinto was a simultaneous effort and allowed Intellect to map asset-level controls to compliance criteria easily and centrally. With policies published and training triggered, Intellect could start tracking compliance without missing a beat. Intellect was able to automate 95% of the checks and used workflows to monitor non-integration-related security controls.
Intellect leaned heavily on Sprinto’s access management module to define and implement a compliant practice for critical systems. “We wanted to ensure only the right roles have access to critical systems and data,” remarks Anurag. “Sprinto’s integrations with critical systems like AWS and GitHub and our HRMS allowed us to set up an automated process for this.”
Even when org roles were reshuffled during the compliance program implementation, Sprinto was able, without disrupting progress, to triage alerts and notify admins to check role-based access and ensure configurations stayed compliant with policies.
To be able to add rules for privileged accounts like GitHub and do it as I go, without impacting compliance, is a game-changer!
With Sprinto providing a detailed overview of compliance (checks passing, failing, due, critical, and upcoming), Intellect could proactively manage risks and prevent compliance drift from the outset. Because Sprinto optimizes for time and effort, the platform made sure backlogs were accounted for and resolved in time, and that alignment was maintained.
Sprinto is extremely comprehensive. I always know the current status of compliance and the percentage where we are at. It’s a great experience.
By the 3-month mark, Intellect was ready to undergo its ISO 27001 audit. Using the auditor dashboard, Intellect onboarded their preferred auditor to review evidence samples, logs, and documents. “Our auditor could easily refer to the platform not only for the evidence but also context,” notes Anurag. “We did not have to step in as much as we thought.”
Results
Intellect completed ISO 27001 program implementation and audit in a quarter’s time, as planned. Sprinto’s timebound sessions and structured onboarding program were key to success. “We missed these sessions with the other platform,” acknowledges Anurag.
The platform and support from the Sprinto team kept us on track.
Since becoming certified, Intellect has doubled down on its efforts to cultivate its fast-filling sales pipeline and convert interest from large companies. “75% of these deals are directly impacted by security,” remarks Anurag. “Now, because we have certification, it makes security reviews much easier.”
On a day-to-day basis, Sprinto’s automated monitoring capabilities enable Anurag to spot issues and fix gaps proactively. “Sprinto’s automation provides a clear picture. Tracking is seamless – each check is supported with insights. I’m fully aware of where we are falling and why.”
Sprinto continues to enable and strengthen Intellect’s access management and people management practices by triaging alerts for new roles and system anomalies. Anurag emphasizes, “Our processes are now assured with well-defined playbooks, and Sprinto plays a crucial role in guaranteeing adherence to our policies.”