Top-tier GRC for unmatched HRMS integrity

CONTEXT

Scaling up Governance, Risk, and Compliance

As a full-stack Human Resource Management Software used by over 2.5 million employees in 150+ countries, Keka aims to lead not just in product but also in platform security. To build an easy-to-manage, scalable security program, Keka chose the Scrut smartGRC™ platform after a thorough evaluation to upgrade their GRC processes.

CHALLENGES​

Overcoming security hindrances in deal closures

Vijay’s past experience with an MSSP made him cautious about external access to internal configurations. Keka wanted to move away from this high-risk approach and began looking for a SaaS-based platform to advance their GRC program. Scrut SmartGRC™ stood out as the preferred solution that could solve all the following challenges.

1. Vendor Delays

Managing vendor ecosystem

Vendor assessments typically involved lengthy email exchanges and manual scanning of websites to obtain the required information. As a result, the entire process was inaccurate and prone to delays.

2. Fragmented Processes

Structuring security program

Processes were susceptible to slippages. This meant there were efficiency gaps in documenting versions of different artifacts, conducting access reviews, launching employee trainings, and finalizing remediation measures.

3. Credibility Snags

Maintaining trust with prospects

To expand its customer base, Keka could not afford to lose valuable time in extended due diligence by prospects. Sourcing compliance artifacts like reports, policies, and subprocessor information from across departments was challenging.

Aptitude and reliability go hand in hand. While there are a lot of namesake tools in the market, Scrut’s efficiency is driven by a combination of the platform and their solid infosec expertise.

SOLUTION​

Aligning with Pillars of Focus

With a focus on closing gaps, the objective was to strengthen internal security processes. Once done, smoother compliances would follow. There were strategically significant areas where Scrut helped revamp processes for Keka, as per their unique infosec vision.

Robust controls are set up to incorporate mature processes. Every step and every change is now tracked.

Access reviews have been made more systematic and frequent by integrating active directories with Scrut.

Vendor risks are managed by tiering all assessed vendors into different risk categories for efficient mitigation.

Proactive monitoring by the committee is now possible by using insights from Scrut’s dashboards to conduct advanced drills.

IMPACT​

Modern Platform Driving Mature Practices

GRC Processes Made Proactive: Scrut SmartGRC™ simplifies finding and fixing gaps. Continuous control monitoring eliminates deviations. Real-time consolidated artifacts ease auditor reviews, with version logs and one-click requests making the process hassle-free.

Faster and Foolproof Vendor Assessments: Third-party risk management is now efficient. Detailed logs of the due diligence process are captured and the entire workflow — from sending questionnaires to responses and assessments — is completed on time without leaks or delays.

Adaptive and Scalable Program: Scaling GRC activities is streamlined. Monitoring, revoking, and granting access no longer requires spreadsheets. Training campaigns, score calculations, and policy reminders are automated with a click.

Improved Value Perception for Customers: Vijay wanted a custom page for detailed security reports. Scrut’s Trust Vault enabled this setup in minutes, securely displaying certifications and documentation allowing Keka to share privileged access that is NDA-based and time-gated.