Managing Security Questionnaires and Compliance Across a 22k Employee Organization

With HyperComply and Hyperproof

‍

HyperComply helps companies automate security questionnaire responses, conduct vendor due diligence, and efficiently share risk and compliance information with prospects and customers. HyperComply has partnered with Hyperproof, a SaaS platform that enables teams to get complete visibility into their organizational risks, streamline the audit process, and reduce their ever-growing compliance workloads in one seamless platform. Hyperproof is trusted by leading organizations like Veeva Systems, Fortinet, Motorola, Outreach, and 3M.

‍

22,000 employees, 50 countries, and 120,000 customers. Learn how one of the world’s largest distributors of electronic products, services, and computing solutions uses HyperComply and Hyperproof to properly manage its cyber risk program and achieve company-wide goals. 

‍

We sat down with the Customer’s Director of IT Risk to discuss their challenges with managing compliance across the organization, including responding to hundreds of security questionnaires and customer requests a year while managing 20-30 major audits.

‍

Challenge

‍

Managing 200 security questionnaires per year

The Customer’s Director of IT Risk handles about 200 security questionnaires per year, and completing them was taking up the valuable time of multiple IT risk team members and resources from other lines of business. Collaboration to complete them was spread across multiple time zones, often resulting in it taking 2-3 weeks to get a security questionnaire completed. 

“There was zero automation and no digitization of the process, leading to gross inefficiencies.” — Director of IT Risk

Like many enterprise companies, this customer hit an inflection point where they knew there had to be a more efficient way to address customer requests and service questionnaires. They turned to HyperComply and Hyperproof to find a more repeatable way to eliminate these tedious activities.

‍

“Many of our IT Risk processes directly support a global sales organization in facilitating the closure of a contract with a questionnaire or helping to instill compliance confidence with a tough, educated, and demanding customer. We need to demonstrate our value to the org every day so driving efficiency to shorten cycle times is crucial.” — Director of IT Risk

‍

Teams felt immense pressure due to the volume of questionnaires, and managing this process consumed valuable hours of time that could be spent working on more strategic business initiatives. 

‍

Like many other organizations, the customer was attempting to manage these complex processes with ad-hoc tools like Excel, SharePoint and other Microsoft products. They even purchased a 1-year subscription to another tool that didn’t meet their UX or R&D journey goals for feature enhancements. 

‍

20-30 overwhelming annual audits for multiple compliance frameworks

On top of questionnaire requests, the Director of IT Risk was completing over 20-30 major audits per year, including SOX, PCI DSS, ISO 27001 and building a CMMC program for their aerospace and defense business units. Additionally, they were managing third-party risk as well with over 40 suppliers and customers with audits their team supports directly or indirectly. 

‍

“We were looking for a solution that could get our IT risk analysts off the phone with auditors and eliminate the tedious screen-sharing activities and conference call scheduling logistics just to show an auditor a piece of evidence.”

‍

Solution and Results

Scaling compliance management and questionnaire completion with platforms, not added headcount

The Director of IT Risk ran an initial pilot with HyperComply to see how good the automation process was, and he was excited to see that for the very first questionnaire HyperComply was able to auto-complete, more than 91% of the questions submitted. The Director of IT Risk stated, “Other solution platforms will attempt to “box you in,” with a short POC timeframe and a letter of commitment at the end. HyperComply did no such thing.” He continued:

‍

“They had our instance up and running in record time, provided some basic primers and training, and then let us run free. They let the value of the product sell itself.” — Director of IT Risk

On average, the customer accepts 95% of HyperComply’s auto-completed responses, reducing their time spent on any given questionnaire from 2-3 weeks to as little as 45 minutes. 

‍

The Director of IT Risk knew that to demonstrate compliance to customers and prospects in the form of security questionnaire responses, they also needed to centralize their risk management and compliance operations processes in a platform. They decided to partner with Hyperproof to streamline their risk management, compliance operations, and audit workflows, and get information in one centralized place. 

‍

Automated evidence collection

Instead of spending hours of time manually collecting evidence for audits and questionnaire responses, this customer now leverages Hyperproof’s 70+ of integrations to automate evidence collection, ensuring evidence is always up-to-date and accurate. They can reuse evidence in security questionnaires and across multiple controls and frameworks to save hours of time. 

‍

Beyond questionnaires

‍

Beyond completion rates with HyperComply Respond, the Director of IT Risk was also excited by the future of HyperComply’s information-sharing tools and the capabilities around our vendor management product. 

‍

“The HyperComply product, development and leadership team have been wonderful to deal with. I have rarely seen other SaaS platforms move this quickly.” — Director of IT Risk

‍

HyperComply has been adopted across numerous teams at multiple levels at the Customer for questionnaire completion, document sharing, and vendor management. The Customer has saved time completing questionnaires and has improved their collaboration both with customers and internally between sales, product, IT risk, and engineering.

“VPs of Asset and Product within our company have been very impressed with the platform, some of whom have been direct beneficiaries and users of the platform to support audits and questionnaires.” — Director of IT Risk

‍

Alongside HyperComply, Hyperproof has helped the customer efficiently provide assurance to customers, regulators, and partners that they take security, privacy and compliance seriously. Maintaining the trust of customers is crucial, and Hyperproof allowed them to digitize the process and scale the solution “with a platform, not headcount which is limiting from an investment liability perspective,” according to the company’s Director of IT Risk. 

‍

Audit fatigue is a thing of the past

With Hyperproof, this customer can streamline audit preparation by centralizing their work in a single place and leveraging automation to ensure your evidence is up to date to satisfy auditor requests. Hyperproof enables them to easily collaborate with their auditors, where they can work alongside the customer’s team in the platform’s dedicated audit space to share information. This dedicated audit space securely shares the data auditors need while keeping the rest of the customer’s data secure and safe.

‍

The Future 

Introducing the HyperComply and Hyperproof Integration

When we asked customers what they wanted to see in the future of our partnership with Hyperproof the response was unanimous: We want to use our HyperProof information to automatically fill in security questionnaires. So we built it. 

‍

HyperComply and Hyperproof are excited to announce that customers can now seamlessly pull controls from your Hyperproof account into HyperComply and respond to security questionnaires 18x faster with our integration. 

‍

HyperComply’s CEO and Co-Founder, Amar Chahal, said this at Hyperproof’s inaugural user and compliance conference earlier this month:

‍

“Mutual customers will be able to regularly sync their control information from their Hyperproof account and map them into security questionnaire answers automatically. This will allow Hyperproof users to respond to questionnaires more quickly and more accurately than before.”

‍