How a cybersecurity firm built a compliance foundation across 3 countries without a dedicated security team

Location: United States (HQ)
Industry: Others

CONTEXT

Global compliance obligations with no dedicated team to meet them

Duality Technologies builds privacy-preserving data collaboration tools for enterprises and government agencies across the US, Israel, and the UK. As enterprise deals grew, ISO 27001 became a hard requirement in RFIs and procurement reviews. But for Max Fuchs, Director of Operations at Duality, the bigger concern was repeating the same painful process they had gone through during their first certification effort, which had been heavily manual, difficult to maintain, and hard to scale. This time, the team needed a more structured and sustainable approach that could support a globally distributed organization, avoid adding dedicated GRC headcount, and keep engineering teams from getting pulled into repetitive compliance work.

CHALLENGES

Compliance challenges facing Duality Technologies

  1. Duality needed a single ISMS to cover operations across the US, Israel, and the UK, ensuring policies, training, and access reviews accounted for every office consistently, with no dedicated function to track any of it.
  2. The previous certification had been manual, slow, and dependent on back-and-forth with a local auditor. As renewal approached, that approach was not going to hold up against a tighter timeline and a changed standard.
  3. On top of ISO 27001, Duality's European operations introduced GDPR obligations that needed to be tracked and maintained with the same rigor, without adding a separate compliance workstream to manage.

SOLUTION

A single engagement that covered the whole problem

When Max came across Scrut, what stood out against the other vendors was the model. One platform, one engagement, and one team that handled the compliance program, the pen test, and the external audit without Max coordinating across multiple vendors or chasing the auditor himself.

Cloud integrations that automated the evidence burden

Connecting AWS, GCP, and GitHub to Scrut meant automated controls monitoring ran continuously in the background, generating real-time compliance data and flagging misconfigurations against CIS benchmarks. This required no manual evidence pulls for every test cycle, and the integrations had no access to the source code itself, which is important for a company handling sensitive cryptographic technology.

A foundation that did not start from scratch

Scrut's policy library and setup wizard gave Max auditor-vetted templates customizable to Duality's environment. Having a structured starting point rather than a blank page kept the early phase of the program moving instead of stalling. That same foundation extended directly into the GDPR program through Scrut’s Unified Control Framework.

The audit process had no surprises in it

Scrut's infosec specialists worked alongside Max to close control gaps before they became audit findings. By the time the external auditor arrived, everything was staged inside Scrut's audit module with role-based access, and the email chains and shared-folder back-and-forth that drag out most audit cycles never entered the picture.

IMPACT

Turning compliance into a scalable growth function

  1. Automated evidence collection across AWS, GCP, and GitHub used permission-scoped integrations, eliminating the manual overhead that had defined the previous certification cycle.
  2. ISO 27001 and GDPR were managed within the same platform with shared controls and evidence mapping, building a compliance infrastructure designed to carry every future framework forward at a fraction of the original effort.
  3. All policies, controls, and evidence were centralized in Scrut, giving auditors direct platform access and cutting out the fragmented back-and-forth that slows most audit cycles.