Want to know what AI-ready GRC really looks like, according to Forrester? 📔

How Athenium gained faster clarity in its SOC 2 journey with Scrut Teammates

Location:
United States
Industry:
Others
<60 seconds
Get answers on control intent and evidence expectations without waiting
Lower TCO
Reduced overhead by combining tooling and audit expenses
Zero dependency
Resolve day-to-day compliance questions without waiting on others
Discover why 1500+ companies trust Scrut
Book a Demo
Book a Demo
“Before Scrut, we spent most of our time trying to understand what the auditor actually wanted. With Scrut Teammates, I paste the requirement in and get a clear understanding of exactly what evidence is acceptable.”
Ken Haugen
,
IT Manager, Athenium

CONTEXT 

The compliance conversation Athenium couldn’t avoid anymore

Athenium provides advanced quality assurance and risk analytics solutions that enable enterprises to make more informed, data-driven decisions. As their client base grew, so did the frequency of a familiar conversation: security questionnaires arriving with every new prospect, audit requests from existing clients, and the increasingly urgent question of when they'd achieve SOC 2 attestation.

Ken Haugen, IT Manager and Manager of IT Operations at Athenium, became the driving force behind their SOC 2 initiative, pushing the team through a complex, multi-stage SOC 2 audit effort.

Before partnering with Scrut, Athenium's compliance approach was entirely manual. Their internal security manager handled client questionnaires one by one, interpreted audit requirements by hand, and tried to maintain consistency across responses without any centralized system. There was no definitive process for understanding what needed to be done next, no clear framework for prioritizing which resources required security controls, and no efficient way to track their progress toward completing the SOC 2 audit.

CHALLENGES 

When the cost, effort, and uncertainty of SOC 2 threatened to slow progress

  1. Prohibitive cost of compliance tooling: Most platforms Athenium evaluated required an upfront investment of around $50,000. For a small software company, that cost risked turning compliance itself into a barrier to the enterprise opportunities that made it necessary.

  2. Manual workflows with no visibility into progress: Questionnaires, policies, and evidence were handled manually, with no centralized system to reuse responses or track progress. The team lacked clear visibility into what had been completed, what remained, and whether effort was focused on the right controls.

  3. Slow clarification cycles created constant delays: Early on, questions were handled through back-and-forth on Microsoft Teams. Requirements were shared, clarifications were requested, and work paused while the team waited for responses. That back-and-forth quickly became a bottleneck.
  4. No framework for prioritizing security controls: The team struggled to determine where to focus security efforts. Without clear guidance on audit expectations, they risked spending time on low-impact areas while missing critical gaps.

SOLUTION

How Scrut Teammates became Athenium's virtual compliance analyst

Athenium's partnership with Scrut addressed both the economic and operational challenges they faced. Compared to alternatives, Scrut provided an all-inclusive solution at a significantly lower total cost of ownership. This made enterprise-grade compliance achievable for a small software company.

But the real transformation came when Scrut introduced Teammates to Athenium's workflow in the early months of their SOC 2 journey.

SCRUT TEAMMATES

An AI assistant trained on their actual compliance data

When Ken first used Scrut Teammates, he approached it with caution. He had worked with AI tools before and did not expect more than a generic interpretation of a SOC 2 requirement.

He copied a requirement for evidence directly from the platform and pasted it into Teammates. The response was not a broad explanation or a theoretical overview of the control. It was a concrete task list outlining exactly what needed to be done to satisfy the requirement.

Ken followed the steps as written. Everything aligned.

The difference was in how Teammates generated its answers. Rather than searching the internet or pulling from generic compliance libraries, it referenced only Athenium’s own data. Existing policies, uploaded evidence, and completed testing were all used as context. Scrut Teammates was not explaining what a SOC 2 control typically requires. It was telling Athenium what they needed to provide based on their actual compliance posture.

Ken notes that he has yet to receive an answer that was not relevant to his question. Compliance questions that previously introduced delays could now be resolved immediately, allowing work to continue without interruption.

“If there’s a question, I don’t bother waiting anymore. I ask Teammates, and I get an answer immediately.
Ken Haugen, IT Manager, Athenium

Tailored explanations for technical and non-technical stakeholders

Different roles at Athenium required different levels of detail.

Ken and the Director of Engineering needed comprehensive explanations so they could translate requirements into concrete technical actions and guide their teams on what evidence to pull and how to configure controls. Other team members did not need the full technical rationale. They needed clear instructions on what to do next.

Scrut Teammates supported both. When questions arose about evidence formats or documentation requirements, the tool clarified exactly what auditors expected. If an explanation felt too detailed or too abstract, the team could ask follow-up questions and have the response reframed at the right level of depth.

This flexibility meant explanations no longer blocked progress. Each team member could get the amount of detail they needed without escalating questions or waiting for clarification.

CONVERSATIONAL DEPTH

Automated questionnaire responses from a centralized compliance vault

Beyond audit preparation, Athenium continued to receive security questionnaires from prospects and clients, a process previously handled manually.

The team adopted Scrut Teammates to auto-fill security questionnaires. Every new questionnaire now starts in Teammates, with responses populated based on contextual information and previously answered data. This ensured consistency across submissions while significantly reducing the time required to complete each questionnaire.

As Athenium’s internal processes evolved, Questionnaire responses reflected the current compliance posture rather than relying on outdated answers, removing the need for repeated manual review.

AI-POWERED QUESTIONNAIRE AUTOFILL

IMPACT

How Athenium reduced friction and kept its SOC 2 work moving

For Athenium, the biggest shift was not tooling or ownership. It was momentum.

  1. Greater than 80% reduction in evidence submission delays: Delays caused by interpreting requirements and waiting for clarification dropped by more than 80%. Work that previously stalled while the team waited hours for answers could now move forward immediately. 
  2. Immediate, contextual answers that eliminated dependency on human support: Compliance questions no longer introduce wait time. Scrut Teammates delivered contextual answers in under 45 seconds, removing the need to wait on human support for day-to-day clarification and keeping compliance work moving without interruption.
  3. Significant time savings on questionnaire responses: Security questionnaires became faster and more consistent to complete. Responses no longer had to be rebuilt each time, and they stayed aligned as internal processes evolved, reducing repeated manual effort.
“Once we started using Scrut Teammates, it cut down more than 80% of the delay in understanding what we were looking for and getting the evidence submitted.”
— Ken Haugen, IT Manager, Athenium

Explore why our customers trust Scrut for their compliance needs
Book a Demo
Book a Demo
Table of contents
Example H2
h3
Example H3
h4
Example H4
h5
Example H5
h6
Example H6
Subscribe to our newsletter
Get monthly updates and curated industry insights
Subscribe
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Success stories from the GRC frontlines

splitmetrics logo
Market expansion with a
security-first approach
Market expansion with a security-first approach Location: Wilmington, Delaware, USA Industry
Read Case Study
live tiles logo
LiveTiles Upgrades to ISO 27001:2022 with Scrut
LiveTiles Upgrades to ISO 27001:2022 with Scrut Location: New York, USA Industry
Read Case Study
toddle logo
Simplifying Compliance Across Global Markets
Simplifying Compliance Across Global Markets Location: Bangalore, India Industry: Edtech The Context
Read Case Study

Ready to see what security-first GRC really looks like?

The Scrut Platform helps you move fast, stay compliant, and build securely from the start.

Book a Demo
Book a Demo
Platform
Why ScrutExplore the PlatformSimplify ComplianceStreamline AuditsEmpower Your EmployeesMonitor Cyber RiskAssess Third-Party RiskValidate User PrivilegesManage Asset InventoryDemonstrate TrustAI-Powered GRCIntegrate Your Tech Stack
Frameworks
SOC 2ISO 27001GDPRPCI DSSHIPAANIST AI RMFCustom FrameworksAll Frameworks
Company Stages
StartupGrowthEnterprise
Industry
Enterprise SoftwareFinancial ServicesHealthcareTravel and TourismEducation
Resources
BlogEbooksPodcastSuccess StoriesWebinarsEventsGlossaryFAQs
Hubs
SOC 2 HubISO 27001 HubHIPAA HubExplore All Hubs
Partners
Become a PartnerFind a Partner
Company
CustomersAboutCareersNewsroomSecurity
TrustTerms of UsePrivacy PolicyCookies Policy
© 2024 Scrut Automation. All Rights Reserved.