



CONTEXT
Building a security program for the company Avarni was becoming
As a climate technology company helping organizations track and manage carbon emissions, Avarni operates in a market where trust is non-negotiable. Selling into large enterprises across Australia, Europe, and North America meant security and compliance were table stakes.
For Anuj Paudel, the challenge was even greater. With fewer than 20 employees and no dedicated compliance function, compliance ownership fell largely to Anuj alongside his responsibilities as Co-Founder and Co-CEO. As Avarni expanded into new markets and started targeting larger enterprises, each new geography and customer segment brought its own compliance requirements. SOC 2 came first. ISO 27001 and GDPR followed as the customer base grew. The compliance burden increased in lockstep with the business, and much of it rested on a single person. What Avarni needed was a solution that balanced cost, support, and capability without adding to Anuj's already full plate.
CHALLENGES
Keeping compliance lean without cutting corners
Avarni initially achieved SOC 2 Type I using Drata. However, after a major infrastructure rebuild, many of the controls, integrations, and compliance workflows tied to their previous environment no longer reflected reality.
The team faced a familiar challenge for growing SaaS companies. Compliance tooling was becoming expensive to maintain, while key compliance activities still required significant hands-on effort. As a lean organization with no dedicated compliance team, Avarni needed a practical path forward. They wanted to maintain audit readiness, prepare for future certifications, and rebuild their compliance foundation without spending months recreating processes or managing multiple vendors.
SOLUTION
A platform that showed up like a team member
Avarni selected Scrut because it delivered the right balance of compliance expertise, platform capability, and cost efficiency.
Starting fresh without starting over
Rather than simply providing software, Scrut worked as an extension of the team. The onboarding process included hands-on migration support, policy mapping, vendor inventory reconstruction, and guidance on rebuilding compliance workflows to align with Avarni's new infrastructure. While most of the migration was handled by Scrut, the team worked closely with Avarni to ensure critical controls, risks, and documentation reflected their current operating environment.
Bringing evidence, risks, and ownership together
Avarni integrated Google Workspace, GitHub, and AWS to automate evidence collection and streamline compliance operations. Scrut's built-in risk management workflows helped the team maintain both standard and customer-specific risks with clearly defined mitigation plans and ownership.

Continuous visibility into employee and endpoint compliance
The team also used Scrut Agent to validate endpoint security controls such as disk encryption, screen lock enforcement, and antivirus coverage without investing in a separate device management solution. For employee compliance, Avarni implemented security awareness campaigns and policy attestations directly through the platform, creating a repeatable process that scaled with the business.

Vendor due diligence built into the platform
Avarni uses the questionnaire capability within Scrut to conduct vendor due diligence when onboarding new suppliers. For a small company without a formal procurement function, having vendor due diligence built into the same platform as their compliance program simplifies an otherwise ad hoc workflow.
IMPACT
Enterprise-ready compliance without enterprise-level complexity
With Scrut, Avarni completed their SOC 2 Type 2 audit and is now building toward ISO 27001 certification on the same platform.
Instead of managing compliance through disconnected tools and manual processes, the team gained a guided, audit-ready program supported by dedicated compliance experts. The result was a more sustainable approach to governance, risk, and compliance that reduced operational overhead, improved visibility into security posture, and gave a growing company the confidence to meet enterprise customer expectations without adding headcount.






















