How Sprinto helped Scribble Data orchestrate SOC2 & GDPR compliance to strengthen trust in product and processes

Toronto-based Scribble Data is an MLOps product company that focuses on providing foundational blocks on which enterprises build ML models and run analysis. Their platform processes and transforms a wide variety of raw data into ML-powered decision workflows that enable high-stakes decision-making. Today, Scribble Data is trusted by data teams in major industries like healthcare, retail, e-commerce, and fintech, and helps power various data-driven applications and services.

SOC2 Type 2

GDPR

North America

5 hours per week

Time spent by leadership to complete SOC2 implementation

12 weeks

Time to complete SOC2 Type 2 audit

<10 hours

Time to complete GDPR implementation

Challenge

Venkata Pingali, Co-founder and CEO at Scribble Data, has always held data analytics and data security as ‘connected activities’. “You cannot generate high-quality insights without high-quality data, and no business will share their data unless they trust you,” he notes. Scribble Data – co-founded by Venkata in 2016 – operates within the locus of this fact.

While Scribble Data is built on a privacy-conscious architecture, creating a robust, dependable, auditable engine is critical for generating and managing datasets safely and minimizing risk. “In our business, there’s no room for sloppiness. We need to demonstrate that we have the right checks and balances that ensure data safety, integrity, and privacy,” asserts Venkata.

As a fast-scaling company with plans for global expansion, Venkata recognized the need to implement data security controls as per SOC2 and GDPR frameworks, scoped to Scribble Data’s specific environment. “I believe in ‘security by design’. Compliance is a forcing function that ensures security,” he notes.

With both SOC2 and GDPR, Venkata’s intent was to strengthen and formalize how Scribble Data carries out its commitment to secure practices, communicated internally and externally. “It was really about the organization, not the product. It was about making sure everyone in the organization understands their responsibility when it comes to data security,” he says. “Compliance could at once create good practices and validate a lot of our existing ones,” he continues.

To launch SOC2 and GDPR compliance programs, Venkata knew he wanted to work with a compliance automation platform. “It’s just easier that way,” he says. As for criteria, he had three:

  • Their compliance platform should do the heavy lifting, with minimum effort from the leadership. “As the CEO, my bandwidth is limited. It is best spent building our product, instead of writing policies,” he notes.
  • The platform must be continuous and automated. “Ours is a high-trust business and we need to ensure compliance and the highest level of security at all times,” he asserts.
  • The platform must be easy to use. “Every policy document takes hours to write. I preferred to work with a provider that offered me standard templates and recommendations to speed up the whole process,” he notes.

The choice to work with Sprinto was easy. “Sprinto showed me how the implementation would happen – step by step,” remembers Venkata. “I also liked the fact that the team was incredibly accessible – I could have a 5-minute chat and get the resolution. It was incredibly comfortable!” he adds.

Compliance is a journey – it’s never once and done. Knowing how tedious it can be, I resisted it for a while, adhering to the letter and intent of the compliance standards. But after talking to Sprinto, I started seeing a path to making it happen.

Solution

Scribble Data integrated Sprinto to first launch a SOC2 compliance program. In addition to Venkata, Scribble Data’s core technology team participated in the implementation process.

During the exercise, Venkata was concerned about disrupting Scribble Data’s existing architecture. “I was wary of introducing new software. But the Sprinto team approached the discussion by explaining the larger objective of SOC2 and meticulously spelled out what it takes to get there.”

Sprinto compliance experts worked with Venkata to scope out the program and map weekly action items. “I knew exactly what I needed to get done. I liked the specificity in the process,” he notes.

GDPR was scoped out as a part of the same objective – building trust in the business. “We wanted to check our processes and ensure they could honor any requests that came as part of GDPR,” remembers Venkata.

For GDPR, Scribble Data worked with a Sprinto-affiliated team of lawyers to implement control measures that do right by the data privacy law. “We identified several elements that needed to be reviewed, including our terms and conditions, standard operating clauses, cookie policies, and general marketing practices,” highlights Venkata. “The extra pair of eyes helped validate our practices,” he adds.

“The key thing is that when you are on the compliance journey, it’s nice to have a one-stop shop. I did not have to go out of the way to find lawyers and consultants. Sprinto had us covered,” remembers Venkata.

With any security compliance, SOC2 or GDPR, there is a standard set of things you need to think about. To speed up the process, having a tool-driven approach helps. Especially if the tool – like Sprinto – comes equipped with standardized processes and templates. It immediately boosts your productivity.

Results

Scribble Data completed its SOC 2 Type 2 implementation in 10 weeks and received its audit report 12 weeks thereafter. Their GDPR program implementation was completed in record time – under 10 hours.

“From a security hygiene standpoint, Sprinto makes compliance dramatically simple,” remarks Venkata. “Now, I spend a few minutes every day on the platform and I know exactly what needs to be done to stay on track,” he adds.

Since implementing the two programs, Scribble Data finds their operational practices have significantly improved. “Sprinto tells us how we conduct ourselves. Who has access, what they are doing with their access – this is important for us to know to ensure the highest level of accountability – something that goes beyond compliance.”

“Sprinto ensures we have the right checks and balances in place that we can show to our customers and gain their trust,” adds Venkata.

Sprinto is now our policy enforcement point. It keeps security risks manageable!