How Shipsy deployed Sprinto to get compliant and enforce security practices org-wide

Shipsy is an India-based logistics SaaS company that empowers organizations handling trade and logistics with an AI-enabled mobility management platform for data-driven decision-making, process visibility, and operational efficiency. Shipsy is a preferred partner for the logistics and supply chain arm of leading hyper-local businesses, courier services, manufacturing giants, and trade companies across the globe.

SOC2 Type 1 and 2

ISO 27001

GDPR

Asia

  • 33%: Marginal effort when layering on frameworks
  • 3 months: Time to SOC2 Type 1 readiness
  • 2 months: Time to SOC2 Type 2 readiness
  • 1 month: Marginal effort to implement ISO27001 after SOC2
  • <1 month: Marginal effort to complete GDPR after ISO27001

Challenge

With a rapidly mounting preference for digital commerce, supply chain functions of companies across sectors are feeling the pressure to optimize the economics of trade. To ensure the flow of goods and trade happens swiftly, seamlessly, and efficiently, Shipsy relies on large streams of data to chalk out optimal shipping solutions. While ensuring efficiency is central to the mission, prioritizing security has become equally critical to success. “Our platform relies on a lot of data and produces insights that impact every aspect of a logistics operation”, notes Himanshu Gupta, Co-founder and CTO at Shipsy. “Given its nature, it is only right on our part to give our customers the assurance that we are built solid and practice good security hygiene,” he adds.

To implement security guardrails that can assure customers and also secure operations, Shipsy decided to double down on compliance. “Having good systems in place is one thing. Having certifications that prove it builds trust. Especially when you are dealing with Fortune 500s and publicly traded companies,” notes Himanshu. “To this end, we decided to pursue SOC2, ISO27001, and GDPR.”

Himanshu decided to operationalize these compliances with a robust platform, one that could, unlike a consultant, support compliance management and improve their business KPIs. “Stringent compliances like SOC2 cannot be accomplished over excels”, Himanshu notes. “Especially when you are a growing company with hundreds of employees. The cost of complexity is significant,” he adds.

Himanshu preferred to work with a solution that could:

  • Clear the path to SOC 2 compliance and others thereafter
  • Do much of the heavy lifting without demanding much bandwidth from the team
  • Give Shipsy visibility into its security posture, and gaps therein

Shipsy zeroed in on Sprinto after evaluating multiple compliance automation platforms.

What moved the needle was the assurance of agility – we were convinced Sprinto could accommodate our unique needs and help us meet our goals.

Solution

Shipsy integrated with Sprinto to implement, first, a SOC2 program. Following a comprehensive scoping and risk assessment exercise that underscored gaps in systems and processes, Shipsy quickly leaped towards mapping controls to the SOC2 framework and deploying checks – automated and monitored – to track compliance status.

I liked how easy it was to integrate Sprinto with AWS, our HRMS, and other software. In a matter of clicks, data begins to flow into Sprinto.

One representative from Shipsy’s InfraOps team and one from the PeopleOps team oversaw the implementation. “Between them, we spent a few minutes every week to fill the gaps the platform pointed out,” remarks Himanshu.

Following the SOC2 implementation, Himanshu and his team pushed toward ISO27001. “Because Sprinto already had controls mapped to SOC2, setting us up for ISO27001 was a matter of adding a few additional checks and policies. We completed the entire implementation within a week!”

For GDPR, Sprinto supported Shipsy in obtaining legal counsel for setting up and verifying various GDPR policies, including GDPR-compliant privacy policy, data processing agreement (DPA), and standard contractual clauses (SCC). “Completing ROPA was the only additional activity we needed to do. Technical controls were already mapped and monitored within Sprinto,” remarks Himanshu.

Throughout, Sprinto ensured the entire implementation remained modular and stayed focused on simple, clearly defined milestones.

With Sprinto, we did not have to go out of our way to organize these compliances. It was a one-stop experience!

Results

Integrating with Sprinto helped Shipsy springboard towards compliant operations.

Supported by cross-framework mapping, smart automation, and guided implementation, Sprinto helped tame complexity and add a tailwind to Shipsy’s goals of fostering SOC2, ISO27001, and GDPR-compliant operations.

“Sprinto added the most value through automation. The platform connects seamlessly with various applications and pulls the right data to determine compliance. Automation ensures we only need to step in when the platform alerts us to an instance of non-compliance,” he adds.

Over the course of the implementation, Shipsy also identified opportunities for improving various process SOPs. “Going through the compliance journey opens your eyes to how things ‘should’ be done,” notes Himanshu. “Employee onboarding and offboarding, for example. We now have a well-defined, compliant process in place. Standard operating principles really help trim down complexities,” he adds.

Since implementation, Shipsy actively relies on Sprinto to keep a check on compliances and enforce policies org-wide.

A member from PeopleOps and InfraOps teams regularly checks the Sprinto dashboard to review our compliance status. They complete tasks that the platform prompts and make sure we are staying within boundaries of compliance.