How Tangelo optimized its compliance program for cost and efficiency with Sprinto
Tangelo is a Latin American financial technology company specializing in alternative credit products. It develops and operates tailor-made credit solutions, including personal loans, PoS, and micro-entrepreneur lines, as well as supply chain financing, merchant cash advance, asset-based lending, credit scoring, and white-labeled credit products-as-a-service for SMEs, including underserved businesses, in Mexico and Colombia.
ISO 27001
Colombia
3 months
Time to ISO 27001 audit readiness
Challenge
To comply with Superintendencia Financiera de Colombia laws and ensure trust in the business, Tangelo underwent an ISO 27001 certification audit in 2021. As its ISO 27001 certification renewal came up, Tangelo began exploring ways to make its approach to security audits more efficient. It initially adopted Vanta, a compliance automation platform, for its automation and documentation capabilities in managing compliance requirements. However, faced with prohibitive renewal costs, Tangelo decided to transition to a platform that would offer better cost efficiency in both the short and long term.
Sprinto stood out in terms of its overall value, especially its advanced risk management options.
Evelyn Vinueza, CISO at Tangelo, adds, “The AWS infrastructure, for example, is well-connected and I can easily classify assets, maintain them, and keep them updated using Sprinto. Vanta’s, in comparison, was a basic risk analysis module.”
Solution
Once Sprinto was integrated into Tangelo’s infrastructure and systems, Evelyn’s team initiated the migration from Vanta to Sprinto. “We downloaded some evidence from Vanta and uploaded it to Sprinto,” notes Evelyn. “We added policies and training documents in Spanish and used Sprinto to launch acknowledgment campaigns,” she adds.
With the ISO 27001 framework enabled and a roster of relevant documents and policies uploaded, Sprinto began highlighting gaps and underscoring tasks for Tangelo’s compliance team. Guided by Sprinto’s continuous control monitoring and real-time, context-rich alerts, they made progress quickly. “It was a 50-50 effort!” notes Evelyn. “I had to only jump in to classify assets and set thresholds. For things like missing EBS volumes, I could easily check production and choose the right category of items for Sprinto.”
In the course of audit readiness, Sprinto’s access control module proved to be highly valuable. “Previously, with Vanta, we had to manually input information and synchronize calendars with managers to capture access-related details,” notes Evelyn. “With Sprinto, the process became significantly smoother, as the platform intuitively maintains an active user list. All I have to do is validate permissions for a user of a critical system in a matter of clicks.”
I no longer needed to depend on teams for updates. Whenever a change occurs in the system, such as employee off-boarding or a code release, Sprinto automatically keeps me informed by continuously monitoring the entire environment and triaging alerts whenever things change.
With a connected view of assets and a consolidated evidence inventory, Tangelo was ready to undergo an ISO 27001 audit with their existing audit partners.
Results
Tangelo was ISO 27001 audit-ready in 3 months. “We met the timeline we had set for this exercise,” shares Evelyn.
Since Sprinto consolidates all framework-related information in one place, tracked and updated in real time, Tangelo is assured of clear visibility into their compliance status. “Sprinto’s automation, alerts, and monitoring have reduced our workload by at least 50%,” remarks Evelyn.
Since using Sprinto, Evelyn has also witnessed a significant improvement in the organization’s overall security awareness. Sprinto not only facilitates seamless access to security training materials for all employees but also empowers compliance teams with a comprehensive system of alerts and escalation to ensure accountability and federated effort.
Auditors need to see an inventory of our assets and Sprinto helps us maintain an up-to-date inventory. There is clear visibility into their current status, even if these entities are not in audit scope.