Scrut innovations: January 2026 snapshot

Last updated on February 10, 2026 · 4 min. read

January’s updates are about helping compliance and security teams run their programs at scale without losing control or momentum. We focused on the daily execution layer: managing multiple environments cleanly, validating evidence quality consistently, keeping work prioritized, and making approvals explicit and audit-ready.

Here’s what’s new this month:

  • Unified Partner Portal: Manage multiple client workspaces and regional hosting from a single command center.
  • Validate any manually updated evidence with Teammates: AI-powered evidence quality checks and actionable improvement guidance across your program.
  • Smart Prioritization Suite: Reduce decision paralysis with a centralized Task Center, Notification Center, and Effort Estimates.
  • Two-Stage Access Approvals: Enhanced Reviewer-to-Approver workflows for app-level Access Reviews with full audit traceability.
  • Generate external-ready AppSec Reports: Share current security posture using professional PDFs tied to live scans with Scrut DAST.
  • Frameworks coverage: New support for FedRAMP Moderate and ISO/IEC 27018:2025.

Manage multiple client workspaces securely from a dedicated Partner Portal

Partners running security and compliance programs for multiple clients need two things at once: clean separation between client environments and an efficient way for their own teams to work across those environments in parallel.

Scrut’s new Partner Portal gives partners a dedicated, workspace-based console. Partner teams can switch between client accounts in a click, with every action tracked and clear audit trails maintained. 

What’s new in the Partner Portal:

  • Isolated client workspaces: Manage each client as a separate workspace from console.scrut.io, including region-based hosting selection.
  • Flexible workspace and framework setup: Provision client workspaces and frameworks based on scope, and expand coverage as client requirements evolve. 
  • Built-in commercial clarity: Entitlements stay in sync with delivery, so partners don’t have to manage billing exceptions or manual tracking.
  • Access and permission control: Add partner team members, assign workspace access, and manage role-based visibility and module permissions.

The Partner Portal is one part of how Scrut supports partner-led delivery. Our partner program complements this with structured onboarding, enablement, product support, and co-selling opportunities to help partners scale with confidence. 

Looking to build predictable revenue through compliance services? Explore the Scrut Partner Program

Cross-check evidence quality with AI-powered checks via Scrut Teammates

Previously, Scrut’s Evidence Checker was only available for a select few evidence types. This forced compliance teams to rely on manual judgment for the rest of their evidence set, leading to inconsistent validation and the risk of submitting incomplete artifacts for an audit.

We’ve now expanded this capability to cover every piece of manually updated evidence, powered by Scrut Teammates. This ensures that no matter what you upload, you have an AI ready to verify its audit-readiness in seconds.

What’s new in Evidence Validation:

  • Evidence Checker for all artifacts: Every manually updated or uploaded piece of evidence now features a “Check with Scrut Teammates” call-to-action.
  • Universal coverage: We have removed the limitations on specific evidence types or controls, allowing for consistent validation across your entire compliance program.
  • Intelligent link scanning: Beyond files, Scrut Teammates can now read and assess Google Document links to verify their content against compliance requirements.
  • AI-powered quality reports: Receive an instant, AI-generated assessment that highlights the strength of your evidence and identifies specific gaps or missing context.
  • Actionable improvement suggestions: Instead of just a pass/fail, you get clear, automated suggestions on how to improve the artifact for better audit outcomes.

Why this matters:

This update eliminates the guesswork from your audit preparation. By scaling evidence validation through AI, you ensure higher-quality documentation and significantly reduce the manual review burden on your GRC team.

Note: To access these features, ensure that Scrut Teammates is enabled for your account.

Prioritize compliance work faster with Task Center, Notification Center, and Effort Estimates

Compliance teams often face a daunting flat list of hundreds of tasks across multiple modules, leading to analysis paralysis and inefficient resource allocation. Without a clear understanding of task complexity or a central view of what has changed, teams often resort to external spreadsheets and waste hours daily just deciding where to start.

Scrut brings prioritization into your daily compliance work by combining a centralized Task Center, a real-time Notification Center, and Effort Estimates so teams can plan, delegate, and execute with clarity across the entire compliance journey.

Key capabilities:

  • Organize work by compliance stage in one workspace: View work across stages like Onboarding/Audit Prep/Continuous Compliance/My Tasks, with filters by framework, entity, or role, so you always know what’s pending and where it sits in the journey.
  • Give admins and contributors the right view by default: Admins get a full program view with team assignments; contributors get a focused “My Tasks” agenda, so everyone starts the day knowing exactly what to do next.
  • Stay aware of what changed without inbox overload: Use the notification bell as a single feed for assignments, status changes, failed tests, audit findings, overdue reminders, and announcements. Click any notification to land directly in the relevant work inside Task Center, with context so you spend less time hunting and more time executing.
  • Plan and delegate with effort guidance: See LOW / MEDIUM / HIGH effort indicators on policies and evidence items, based on typical complexity, time, and people involved.

Why this matters:

By providing a unified dashboard with built-in effort guidance, Scrut eliminates the need for manual coordination and external tracking tools. This streamlined approach helps teams reach their certification milestones faster. 

Strengthen your internal controls with two-stage access approvals

A common challenge in access governance is the lack of a formal handoff between the person performing a review and the person authorized to sign off on it. Without explicit approvals, it is difficult to maintain a clean audit trail or prevent unauthorized changes after a review is supposedly finished.

To address this, we have introduced a Send for Approval workflow within Access Reviews. This update ensures that access rights are not just reviewed but formally validated by an authorized approver.

What’s new in Access Reviews:

  • Trigger approvals app-by-app (not for the full review): Reviewers can submit an individual application for approval as soon as it’s ready, instead of waiting for the entire access review cycle to finish.
  • Create a clear reviewer → approver handoff: Reviewers complete the review, click Send for Approval, and the approver is notified to take action at the right time.
  • Require explicit approval decisions with rationale: Approvers can ‘Approve’ or ‘Decline’ with comments. If declined, the review goes back to the reviewer to fix and resubmit.
  • Capture a defensible audit trail automatically: Every step (send, approve/decline, and comments) is logged for end-to-end traceability and exception justification.

Why this matters:

This structured Reviewer → Approver workflow provides stronger internal controls and eliminates ambiguity in your access governance. It ensures that your compliance visibility is backed by explicit, auditable decisions rather than implicit assumptions.

Turn real AppSec scans into audit-ready proof with Scrut DAST Reports

Running an AppSec program is only half the job. When auditors, customers, or marketplaces request application security proof, teams are often stuck either exporting raw scan data or sharing outdated pen test reports that no longer reflect the current application state.

Now, Scrut DAST turns vulnerability scans into externally shareable application security reports ready for auditor and customer review.

What’s new in Scrut DAST Reports:

  • Generated from live DAST scans: Reports are always tied to actual DAST scans, ensuring evidence reflects the current state of the application.
  • External-ready AppSec reports: Generate professional, downloadable security reports that serve audits or customer review requirements, not raw exports or screenshots.
  • Clear risk posture and scope: Each report includes an executive summary, an overall risk rating, the scan date, and a defined scope for easy external review.

Why this matters:

One of the primary requirements for an AppSec tool is the ability to produce external-facing, audit-ready security reports. Scrut DAST now helps you do application security and prove it, without extra tools or manual effort.

This update makes it easy to:

  • Share current AppSec evidence with auditors and customers
  • Submit security proof when required for regulated releases or marketplaces
  • Replace stale pen test PDFs with live, defensible reports

Stop relying on point-in-time pen tests. Scrut DAST scans continuously so you catch vulnerabilities before they become problems. Book a demo.

New frameworks supported in Scrut

We’ve expanded our framework library to help you meet the most rigorous government and international privacy standards. Here’s what’s new:

  • FedRAMP Moderate: This is the gold standard for cloud service providers looking to work with U.S. federal agencies. It includes over 300 controls based on NIST SP 800-53, covering sensitive, non-public data where security is critical. Scrut now provides pre-configured policy templates and automated evidence mapping to help you navigate this complex authorization path with confidence.
  • ISO/IEC 27018:2025: As the latest update to the international standard for PII protection in public clouds, this version aligns with modern privacy laws like GDPR. Scrut supports this via an Automated Statement of Applicability (SOA), which suggests in-scope controls and provides pre-filled justifications to save your team weeks of manual documentation.

Explore the Scrut Frameworks Library for our 70+ out-of-the-box frameworks or talk to us about setting up a custom one for your program.
