Success Story

Compliance Automations Help Data Republic Speed Through Flawless Audit

Key Outcomes:

  • Saved 6 months of a developer's time and a half-FTE compliance manager
  • “From scratch to ISO in 6 weeks,” with zero non-conformances or opportunities for improvement
  • Audit completed 50% faster than expected
  • Cut audit fees by 10%

For data sharing company Data Republic, security is critical to the product, and compliance is critical to the product's growth. Data Republic provides a secure data sharing solution that helps companies unleash the power of data-driven innovation. They help hundreds of companies find value by combining their data with other sources of data and providing governed data access to external innovators, all while putting privacy and security at the forefront of their solution.

Richard Lane is the Head of Security and Risk at Data Republic. He is a one-man team who manages security, risk management, and security operations, and on top of all that he is responsible for proving the company's security through compliance. As the company grew and gained more customers and prospects, more opportunities were asking for proof of Data Republic’s security posture. Data Republic had invested in penetration testing, but customers were demanding compliance certifications: “Customers view compliance certifications as table stakes now, and required them in contracts to close deals,” Richard noted.

Compliance Automations for Audit Prep

Data Republic had customer obligations and deals to close, which meant a short time frame to achieve their compliance certifications. Richard had prepared for and run audits before, sometimes with spreadsheets and docs, other times with expensive enterprise GRC software. He knew that as a one-man team he wasn’t going to be able to complete the audit successfully, and on time, without an intelligent tool to help him. After a thorough review of the GRC platform landscape he chose Aptible, primarily because of the automations.

“Comply radically simplifies things, from generating a policy manual to automating evidence collection to audits.”

Speeding Through the Audit

Cloud native since day 1, Data Republic got a lot of value out of the AWS integration, which let them automate asset inventories, evidence collection, and issue detection. After the AWS integration was set up, Comply identified services in use that the engineering team had not mentioned, allowing Richard to monitor and prove security for all of their resources. They also integrated JAMF, G Suite, and GitHub to stream in assets and evidence from each of those services. Thanks to compliance automations, Data Republic was able to “go from scratch to ISO in just 6 weeks,” according to Richard, with zero non-conformances or opportunities for improvement.

Scaling Using Technology not Headcount

Despite being, essentially, a compliance team of one, Richard is able to use Comply to manage compliance and his other responsibilities. He is able to scale with technology instead of scaling the team.

“The automations I get today would take a developer 6+ months to do, and using Comply is like having another half-FTE compliance team member just to do audit-prep.”

Saving Money on Audits

It wasn’t just Richard who found value in Comply. Data Republic’s auditors also found that Comply made their job easier, resulting in faster and cheaper audits. One auditor claimed that the audit took half the amount of time expected, while another auditor noted that using their existing ISO 27001 evidence for SOC 2 would allow them to immediately avoid 25% of the document requests in that audit. One auditor provided a 10% discount based on the automations and the ease they experienced.

What's Next?

With the audits behind him, Richard is looking forward to implementing more of the automation functionality in Comply. He is looking forward to integrating his HR tool as the source of truth for his people assets so he can automate user access reviews. “That’s a permanent task that is normally spread out across 6-10 people which I’m looking forward to no longer doing.”

Comply helped Richard establish a policy manual, automate difficult compliance management tasks, and quickly achieve his compliance certifications. If you’re looking to automate compliance management and achieve compliance certifications like Richard, see how Comply can help you.

“Within seconds of connecting our SaaS systems to Comply we were generating artifacts which were automatically applied to our SOC 2 and ISO 27001 controls to use in our audits.”

- Richard Lane, Head of Security and Risk
