How Orca achieved 50% Reduction in Time to Audit with Scrut

CONTEXT

Orca’s Pursuit of GRC Efficiency

Orca, a prominent provider of freight audit and analytics in Canada, had previously attained SOC 2 certification using the Vanta platform. Orca needed to ensure robust security measures and achieve multiple compliance certifications. As a SaaS platform, dedicated to boosting their customers’ visibility and margins, they also expected a GRC solution that would offer similar benefits — efficiency and intuitiveness. After careful consideration, Orca chose to migrate to the Scrut platform upon renewal.

CHALLENGES

Navigating Lengthy and Complex Processes

Though Orca was using another platform previously to automate compliance activities, they lacked multiple features that created bottlenecks in Orca’s operations.

• Long-drawn Compliance Processes: Orca’s compliance procedures were leading to extended timelines for achieving audit readiness and certifications. They aimed to automate more tasks and remove unnecessary coordination activities from their processes to achieve faster compliance, which in turn could mean faster time to market.
• Paperwork and Off-Platform Activities: When using Vanta, Orca had to also rely on physical paperwork and long email exchanges, introducing additional steps in achieving compliance. The manual tracking, follow-ups, and other off-platform activities made GRC complex and highlighted the need for a more integrated and streamlined system. Orca wanted to eliminate the inefficiencies and reduce the administrative burden on their team.

Orca looked for a comprehensive solution that could eliminate these challenges — and in effect, streamline GRC activities, accelerate compliance, and save time for its teams.

The risk management features of Scrut, including inherent and residual risk tracking, have proven to be highly useful for our organization.

SOLUTION

A Comprehensive Approach to GRC Operations

Scrut integrated seamlessly with Orca’s complete tech stack. The platform ensured alignment of Orca’s controls with multiple framework requirements. This eliminated a substantial amount of duplicative efforts in Orca’s path to compliance.

The platform tested the cloud controls against 250+ CIS benchmarks, while Orca configured Scrut workflows to regularly test evidence for the remaining controls. This streamlined compliance across all control domains. For example, the People Module ensured all employee-related controls were effectively met. The platform simplified conducting and monitoring security trainings, as well as tracking employees’ hardware security and policy acknowledgements.

Orca also leveraged Scrut’s risk management features, including tracking of inherent and residual risk scores. The dashboards allowed them to prioritize critical issues and efficiently manage remediation. Overall, the centralization of compliance artifacts, easy tracking of tasks, and flexible workflows brought remarkable time savings and efficiency to Orca’s operations.

IMPACT

The Four Keys That Unlocked Efficiency

Scrut smartGRC™ not only enabled quick SOC 2 audit readiness but also facilitated long-term and scalable benefits. It streamlined Orca’s risk and compliance processes and liberated resource bandwidth.

Centralization Improving Visibility: Scrut housed all of Orca’s GRC artifacts interconnected through central controls, removing redundancy and improving visibility. This centralization also enabled Orca to reduce its time to respond to security questionnaires from weeks to just a couple of days.

Intuitive Interface Fostering Productivity: The user-friendly interface allowed Orca to adopt Scrut quickly. Team members could complete and track compliance tasks efficiently while offering real-time updates to leadership. Additionally, actionable dashboards provided insights for better decision-making.

Platform Flexibility Enabling Critical Customizations: Scrut’s platform is easily adapted to Orca’s specific needs. Custom configurations such as role-based access, approval levels, and risk calculation ensured Orca substantial operational gains and peace of mind.

Optimized Workflows Boosting Velocity: Scrut workflows allowed automated evidence collection and efficient pathways to complete other compliance activities. Orca could track tasks, view associated artifact(s) and detailed version logs, and collaborate without leaving the platform. External audits were also faster, with reduced follow-ups.