August 12, 2025

Scrut innovations: July 2025 snapshot

Team Scrut

July’s updates are all about visibility, control, and cleaner compliance workflows. 

In this month's update, we've addressed common pain points that often slow down compliance teams—like spending hours compiling Statements of Applicability (SoAs) in spreadsheets, chasing missing policy details, sending vendors irrelevant questionnaire items, or manually reconciling ticketing and device data.

Here’s what’s new this month:

  • Auditor-ready Statements of Applicability for ISO frameworks
  • Conditional follow-up questions in vendor assessments
  • New step in the Set Up Wizard to complete policy variables
  • Enhanced version history in policy editor with change descriptions
  • New and updated frameworks: NIST AI RMF (updated mapping), UK GDPR, NIST 800-171 Rev. 3, PCI DSS v4.0.1
  • New integrations: Kolide, ManageEngine SDP, and Azure subscription scoping

Let’s dive in.

Generate auditor-ready SoAs in minutes without the spreadsheet chaos

For ISO certifications like ISO 27001, ISO 27701, and ISO 42001, auditors expect a formal Statement of Applicability (SoA) that clearly lists each control, its relevance, and the justification for its status. However, creating SoAs manually can drain time and energy. Tracking which controls apply, justifying them, and aligning across ISO standards often means endless spreadsheets, risky errors, and last-minute audit delays.

With Scrut’s new built-in SoA workflow, you can now generate auditor-ready SoAs directly from the platform. Here’s what you can do:

  • Available for ISO 27001, 27701, and 42001 frameworks
  • Tag controls as In Scope, Out of Scope, or Mandatory with one click
  • Add or edit justifications directly in the control view
  • Include metadata like version name, preparation/review/approval details, and generation date
  • Download a ready-to-share SoA file that includes version history, control details, and justifications

With built-in editing and regeneration, you can keep your SoA accurate, consistent, and auditor-ready, without juggling spreadsheets or hunting for missing justifications. Log in to Scrut to try it out or book a Scrut demo to explore SoA generation the smart way.

Never miss a step: Fill policy variables directly from the Set Up Wizard

Filling in policy variables is key to ensuring your policies are accurate, consistent, and audit-ready, but it’s easy to miss this step during initial setup. Policy variables store common details like your organization’s name, address, and service descriptions, so they automatically populate across all policy templates.

During onboarding, the Set Up Wizard now displays a dedicated step for filling out the policy variables, which redirects you to the Policy Settings page. The step is marked “complete” once all variable fields are answered, or when you choose to mark it as not needed.

This update is designed to cut down the number of steps and ensure that Customer Success Managers can guide you through a complete setup without skipping key configurations.

If managing multiple policies means repeating the same details over and over, Scrut’s Policy Variables feature can save you the hassle. Book a Scrut demo or ask your CSM to walk you through getting started.

Keep vendor questionnaires focused with Conditional Follow-Up Questions

Still sending follow-up questions that don’t apply?

If a vendor isn’t SOC 2 compliant, asking them to upload a SOC 2 report only adds noise. Without conditional logic, your questionnaires are longer, harder to answer, and slower to review.

With Scrut’s new conditional follow-up questions, you can automatically tailor subsequent questions based on previous responses, keeping your assessments relevant and efficient.

Here’s what you can do:

  • Configure follow-up questions that appear only when a specific answer is selected
  • Add up to two levels of follow-up questions for each main question
  • Add conditional questions only to single-select objective question types

This helps you keep questionnaires focused, relevant, and easier for vendors to complete without sacrificing depth where it matters. Log in to Scrut or book a demo to explore smarter vendor assessments.

Track every policy change with enhanced Policy Version History
More clarity, more context, less guesswork.

Keeping policies current isn’t just about making edits — it’s about tracking exactly what changed, when, and by whom. Without a clear version history, reviews can stall, and audits can become messy.

Scrut’s latest update to Policy Version History makes it easier to see, edit, and confirm version details — so you always have a complete, audit-ready record. 

  • Richer version details: Key metadata like Created By, Approved By, and Published By are now clearly captured for every version.
  • Change descriptions: Add or edit version descriptions to document the purpose of each update.
  • Automatic employee prompts: If a policy is linked to the Employee Training Portal, employees will be prompted to reaccept it after updates.

With everything tracked right inside the policy editor, your audit trail is clear, accurate, and always up to date. Want to see it in action? Log in to Scrut or book a demo to explore the new policy version history.

New and updated frameworks

This month, Scrut adds three new frameworks and an updated mapping to help you broaden coverage, stay audit-ready, and align with the latest regulations. Here’s what’s new:

NIST 800-171 Revision 3 (New): Designed for non-federal organizations handling Controlled Unclassified Information (CUI), this update introduces updated controls, new control families, and a stronger third-party risk focus. Includes pre-mapped controls, crosswalks to ISO 27001 and CIS, and tools to simplify audit readiness.

PCI DSS Version 4.0.1 (New): Supports organizations managing cardholder data with the June 2024 clarifications to PCI DSS 4.0 — covering payment scripts, tamper detection, and iframe use. Comes with pre-mapped controls and updated workflows to help you adopt the changes smoothly and maintain compliance.

UK GDPR (New): Supports organizations processing UK personal data under the June 2025 updates, with enhanced rules for automated decision-making (ADM), subject access requests (SARs), children's data, and international transfers. Includes pre-mapped controls, crosswalks to global standards, and built-in tools for tracking and audit readiness.

NIST AI RMF (Updated mapping): Updated to support trustworthy AI governance with re-verified control mappings, streamlined evidence tasks, and new AI-specific policy templates. Enhances clarity, reduces redundancy, and helps you align more effectively with the NIST AI Risk Management Framework.

Browse Scrut's ready-to-use frameworks library or connect with your Customer Success Manager to align a custom framework setup with your compliance goals.

New and updated integrations

We’ve added new integrations to help you manage devices, streamline ticketing, and control cloud scope. These are all designed to boost precision, reduce noise, and keep your compliance workflows aligned.

Kolide (New): Integrate Kolide to sync device and admin access data, populate your asset inventory, and perform access reviews. 

ManageEngine SDP (New): Connect Scrut with ServiceDesk Plus to raise and track tickets for compliance tasks like tests, evidence, and risks. Autofill details, assign owners, and monitor status without switching tools.

Azure Subscription Scoping (Update): You can now select which Azure subscriptions to monitor in Scrut, add environment nicknames, and update scope anytime. This helps reduce noise, improves test accuracy, and ensures your dashboards, assets, and evidence reflect only what's relevant.

Explore all available integrations in the Scrut platform, or submit a request if there’s a tool you’d like us to support next.

Explore Scrut in action (no demo required)

Want to explore Scrut? Take our interactive product tour to explore the platform at your own pace and see how Scrut helps you automate evidence collection, cut manual work, and stay audit-ready every day. 

Start the interactive tour here
