How Nium Automated Compliance Maintenance and Audit Preparation to Scale Easily with Sprinto

Nium is a San Francisco and Singapore-based cross-border payments company. A leader in global real-time money movement, numerous financial institutions, platforms, and businesses rely on Nium’s payments infrastructure to collect, convert, and disburse funds around the world instantly to accounts, cards, and wallets.

Key results:
- 8 months: time to complete the SOC 2 Type 2 audit
- 97%: degree of automation in compliance management
- 3 of 100+ controls needed manual evidence; the rest were automated
Before Sprinto
- Already ISO 27001 and PCI-DSS compliant, Nium faced growing demand for a SOC 2 audit report as it began engaging prospective customers in the US, adding a more evidence-intensive framework to an already demanding compliance workload.
- SOC 2 requires continuous control tracking, and missing even a single day of evidence results in a control failure captured in the audit report, placing a significant ongoing burden on IT teams without automation in place.
- Nium wanted to complete SOC 2 quickly without disrupting engineering or IT teams, and sought to automate monitoring, tracking, and evidence collection rather than scale headcount to meet the requirement.

After Sprinto
- Nium’s cloud stack integrated immediately with Sprinto, which pulled the right data and flagged misconfigurations and anomalies without false positives or negatives. Of 100+ controls, no more than 3 required manual evidence.
- Using the SOC 2 controls baseline, Nium transitioned PCI-DSS and ISO 27001 management to Sprinto through common control mapping and completed the auditor evidence review in under two meetings.
- Nium received its SOC 2 Type 2 report in under 8 months, following a 6-month observation period. Ongoing automation has kept the compliance posture current since.
“SOC 2 is an intense, evidence-focused audit. If controls are not automated, it adds more burden to IT teams to ensure we do not miss something. If we miss tracking controls even for a day, it results in control failure, and it will be captured in the report.”

– Raj Viswanathan
CISO, Nium

“The best thing about using Sprinto for our audit preparation was that the technology team didn’t even realize we had an audit occurring because they didn’t receive a single request from us.”

– Raj Viswanathan
CISO, Nium

Introduction

Nium was already ISO 27001 and PCI-DSS compliant when demand for SOC 2 began to grow, driven by prospective enterprise customers in the US. SOC 2 is a more aggressive, evidence-focused framework, requiring tighter control coverage and more continuous maintenance than Nium’s existing certifications. Adding it without expanding headcount meant automation was not optional.

Nium needed a platform that could integrate deeply with its cloud stack and sustain the kind of continuous monitoring and evidence collection that was required for a successful SOC 2 Type 2 audit.

The Problem

Nium’s existing control environment was strong, built on ISO 27001 and PCI-DSS foundations. SOC 2, however, demands a greater number of controls and a heavier burden in terms of ongoing maintenance and evidence collection. As Raj Viswanathan, CISO at Nium, put it: “SOC 2 is an intense, evidence-focused audit. If controls are not automated, it adds more burden to IT teams, increasing the risk of missing something. If we miss tracking controls even for a day, it results in control failure, and it will be captured in the report.”

To keep the compliance effort moving swiftly, Nium needed to complete the SOC 2 audit without disrupting teams or consuming their bandwidth. “Automation was crucial,” says Raj. “Instead of adding more people to complete specific tasks like incident monitoring and response, we preferred a solution to automate monitoring, track compliance, and collect evidence at once.”

The priority was finding a compliance platform capable of deep integration with its cloud stack and aligned with Nium’s goal of achieving a clean audit report without operational disruption.

The Solution

Since this was a major undertaking and part of the broader practice shift from manual to automated compliance management, Nium was keen to collaborate with someone who shared their vision.

To that end, “Sprinto’s was not a scope-led approach but rather a commitment to working together to find solutions—a shared vision aimed at achieving a clean compliance report,” recalls Raj. “The team was dedicated to the path leading to a clean compliance report and worked backward, identifying the necessary integrations and required changes, ensuring alignment throughout.”

Since its stack was immediately compatible with Sprinto, Nium could get the platform up and running fast. “Together, we found workarounds for cases where Sprinto couldn’t integrate instead of waiting for full development. Our tech team didn’t need to invest a lot of effort either,” Raj notes.

Where direct integrations were not yet available, Nium identified workarounds rather than waiting for full development, keeping the implementation moving.

With the cloud stack integrated, entities classified, and roles configured, Nium used Sprinto’s integrations to pull the right data and surface misconfigurations and anomalies without generating false positives or negatives.

Real-time alerts and contextual cues allowed Nium to address non-compliance issues as they arose and reach SOC 2 observation readiness within weeks. Sprinto’s Continuous Monitoring and Access Control modules were central to this, keeping the control environment current without manual intervention from the IT team. Of the 100+ controls required for SOC 2, no more than 3 needed manual evidence collection.

After establishing the SOC 2 controls baseline, Nium applied common control mapping to bring PCI-DSS and ISO 27001 management onto Sprinto as well, consolidating all three frameworks into a single program.

On the audit side, Nium used Sprinto’s auditor dashboard to manage the evidence review process, completing it in under two meetings. Nium rounded out the implementation with Sprinto’s Policy Management module, using it as a structured foundation for documentation and acknowledgments across the program.

Impact

Nium received its SOC 2 Type 2 audit report in under 8 months, following a 6-month observation period. “This is the fastest I have ever completed an audit!” says Raj Viswanathan. The clean report also simplified security due diligence with enterprise prospects: “We are more comfortable responding to due diligence requirements asking for independent attestations.”

With Sprinto running in the background, Raj takes comfort in the fact that best practices are upheld. Real-time alerts give Nium a responsive process for catching compliance drift early and maintaining a robust security posture. “I’m not too concerned about the next audit. It doesn’t keep me awake because we’re aware that most of our controls are in check, addressed, and we maintain compliance.”

Additionally, Raj feels more confident taking on compliance mandates now that automation-first machinery is in place. “We have a lot of vendors but limited intelligence on them. We are excited to rely on automation to track risk against vendors. Building on an existing solution is easy now.”

Industry type
Cross-border payments / fintech infrastructure

Regions
Singapore

Modules used
Continuous Monitoring, Risk Management, Access Control, Policy Management

Frameworks used
SOC 2, ISO 27001, PCI-DSS