CEDCOSS simplifies compliance with product-led compliance
CEDCOSS is changing the ever-growing e-commerce industry through its easy-to-use solutions enabling multi-channel sales for vendors worldwide. With 4 marquee brands (CedCommerce, WPSwings, MageNative, and MakeWebBetter), CEDCOSS serves more than 30,000 happy customers across 25+ countries. Because of their intuitive products, backed by strong customer support, they have been awarded Magento innovations lab awards twice, and continue to be named in Deloitte’s Technology Fast 500 – Asia Pacific list. We have been achieving steady traffic and conversion rates across our verticals, where client onboarding and their satiation have been our strong deliverables.
Because e-commerce inherently is a data game, CEDCOSS deals with enormous amounts of sensitive customer data, such as customer details, inventory data, and order insights. Given the sensitivity of the data they manage and the expansive cloud infrastructure, they decided to automate their information security and compliance processes.
With Scrut, they did just that. Their entire cloud infrastructure is monitored in real time for risks and potential misconfigurations against Center for Internet Security (CIS) benchmarks. Through automated workflows, alerts, and notifications, the CEDCOSS team resolves these issues quickly to maintain a strong infosec posture.
They have also streamlined their employee training for information security – to develop their employees into champions of information security. With the Scrut Watchdog agency, they ensured that all endpoint devices are continuously secured, and any deviations can be corrected immediately.
CEDCOSS created a single source of truth for all their policies, tests, and evidence tasks on the Scrut platform. What was truly helpful for them was the myriad of integrations that they could leverage to plug Scrut onto their application and infrastructure landscape, enabling them to automate tests and evidence collections for 70% of the controls for 3 of the world’s most stringent information security frameworks – SOC 2, ISO 27001, and GDPR.
Due to a strong information security posture, when it came to the annual compliance audits, CEDCOSS was audit-ready for the three frameworks in 72 hours, which otherwise would have taken months of effort.