Top-tier GRC for unmatched HRMS integrity
Location: Hyderabad, India
Industry: SaaS
CONTEXT
Scaling up Governance, Risk, and Compliance
As a full-stack Human Resource Management Software used by over 2.5 million employees in 150+ countries, Keka aims to lead not just in product but also in platform security. To build an easy-to-manage, scalable security program, Keka chose the Scrut smartGRC™ platform after a thorough evaluation to upgrade their GRC processes.
Vijay Kumar, CISO, Keka HR
“Rolling out a great product is only half the job. Securing it with the right controls and processes is what defines its success in the market.”
CHALLENGES
Overcoming security hindrances in deal closures
Aptitude and reliability go hand in hand. While there are a lot of namesake tools in the market, Scrut’s efficiency is driven by a combination of the platform and their solid infosec expertise.
SOLUTION
Aligning with Pillars of Focus
With a focus on closing gaps, the objective was to strengthen internal security processes. Once done, smoother compliances would follow. There were strategically significant areas where Scrut helped revamp processes for Keka, as per their unique infosec vision.
Robust controls are set up to incorporate mature processes. Every step and every change is now tracked.
Access reviews have been made more systematic and frequent by integrating active directories with Scrut.
Vendor risks are managed by tiering all assessed vendors into different risk categories for efficient mitigation.
Proactive monitoring by the committee is now possible by using insights from Scrut’s dashboards to conduct advanced drills.
Proven ROI with Scrut:
Download the Full Case Study Now
IMPACT
Modern Platform Driving Mature Practices
GRC Processes Made Proactive: Scrut SmartGRC™ simplifies finding and fixing gaps. Continuous control monitoring eliminates deviations. Real-time consolidated artifacts ease auditor reviews, with version logs and one-click requests making the process hassle-free.
Faster and Foolproof Vendor Assessments: Third-party risk management is now efficient. Detailed logs of the due diligence process are captured and the entire workflow — from sending questionnaires to responses and assessments — is completed on time without leaks or delays.
Adaptive and Scalable Program: Scaling GRC activities is streamlined. Monitoring, revoking, and granting access no longer requires spreadsheets. Training campaigns, score calculations, and policy reminders are automated with a click.
Improved Value Perception for Customers: Vijay wanted a custom page for detailed security reports. Scrut’s Trust Vault enabled this setup in minutes, securely displaying certifications and documentation allowing Keka to share privileged access that is NDA-based and time-gated.