Case Study

Insightly Analytics partners with Scrut to get SOC 2 compliant while keeping up the pace of product development


Insightly Analytics

Location: San Francisco

Industry: Software-as-a-Service (SaaS)

Product Used: GRC platform, Scrut Octopus

Compliance: SOC 2 Type II

Insightly Analytics is a B2B SaaS company that offers actionable solutions to engineering teams so that they can build better software solutions effortlessly and efficiently. It provides engineering teams with real-time interactive dashboards and actionable insights that allow them to identify bottlenecks, achieve efficiency gains and avoid team burnout.

The Context

Applying for a SOC 2 audit was a question of when, not if, for Insightly Analytics, primarily for two reasons. One, Insightly Analytics took information security seriously and wanted to establish a strong infosec posture from the get-go. Two, they anticipated that their potential customers would need assurance on the protection of their data, and SOC 2 compliance was a great way to showcase this. As a result, Insightly Analytics decided to preemptively go for a SOC 2 Type II audit. However, the team didn’t want to spend months preparing for the audit, as that would hinder product development, which was not an option for Insightly Analytics. Hence, instead of going to a SOC 2 auditor directly, they decided to partner with Scrut Automation.


The Solution

Against this backdrop, Scrut brought the right knowledge and guided Insightly Analytics through the correct way to approach the audit process.

Scrut Automation acted as a true partner for Insightly Analytics in their SOC 2 journey. Scrut Octopus automated the gap assessment across their AWS infrastructure, identifying the gaps that needed to be closed for the SOC 2 audit. The Scrut team helped Insightly Analytics review all policies from an infosec perspective, draft new policies as needed, and upgrade the ones already in place. Scrut’s compliance dashboard enabled the Insightly Analytics team to tightly manage the SOC 2 process. Insightly was also able to access Scrut’s extensive network of auditors and penetration testers, helping them identify best-fit partners in their journey toward SOC 2 compliance. Insightly Analytics underwent two extensive Vulnerability Assessment and Penetration Tests (VAPT) and was able to get audited for SOC 2 directly through Scrut’s partner auditors.


The Impact

Even though it was their first time applying for a SOC 2 Type II audit, Scrut’s extensive knowledge made the roadblocks easy to navigate. Starting from scratch with only two resources on their end, Insightly Analytics was able to work through the complex preparation, application, and implementation process and complete the SOC 2 Type II audit.

The collaboration proved beneficial in the long term: Insightly Analytics was able to focus on developing and launching products in the meantime, without hindering either the audit process or product development activities. In the same timeframe, they launched not one but two key product features:
- JIRA Integration, which enables epic-level breakdown into every sprint, showcasing the effort developers spend building new features vs. fixing bugs.
- Cockpit dashboard, which is aimed at giving senior leadership a comprehensive overview of overall throughput, speed, and quality of releases at a squad/cohort level, all in one place.


Three things that Insightly Analytics liked about Scrut Automation:

- Comprehensive automated cloud diagnostic for quick gap assessments, which would otherwise take weeks to complete
- Central compliance dashboards to track progress and bottlenecks, timelines, and accountability
- Great foundational support throughout gap assessment, policy drafting, evidence collection, and audit preparation


Finding a balance between the time-consuming SOC 2 Audit and our fast-paced product development was a challenge, but Scrut made this a reality. We were able to complete the audit while maintaining the pace of product development, helping us accomplish two of our goals at the same time.

Sudheer Bandaru

Founder and CEO
