See how top teams stay future-ready for audits. 🚀
Go back to blogs

Scrut innovations: October 2025 snapshot

Last updated on
November 19, 2025
4
min. read

In October, we rolled out updates that make it easier to tell the right trust story for each entity in your organization, control access overview to see who has access to what, and move through vendor reviews/assessments faster. We’ve also strengthened framework coverage and deepened key integrations, ensuring your compliance workflows remain robust as you scale.

Here’s what’s new this month:

  • Multi-entity support in Trust Vault: Tailored entity views to scale trust without duplicating portals
  • Access Matrix: Gain complete visibility into user access across applications
  • Questionnaire automation (smart import/export): Accelerate security reviews and response times
  • Vendor Assessment Summary: Executive-friendly summaries for quicker, clearer vendor risk decisions
  • Frameworks coverage: UAE Personal Data Protection Law (new), ISO/IEC 27001:2022/Amd 1:2024 (updated), SOC 2 (updated)
  • Upgraded integration (AWS resource scoping): Granular control over which AWS resources you monitor

Make your Trust Vault entity-specific and self-serve for reviewers

If you operate across multiple entities or product lines, a single generic trust portal can quickly become noisy or confusing. US and Indian entities might have different certifications, subprocessors, or controls, but your buyers still see one blended story. On top of that, every security review triggers the same back-and-forth ('Do you have ISO?', “Can you share X policy?') even when all of it already lives in Trust Vault.

With this release, Trust Vault now lets you tailor what each prospect sees per entity and answer follow-up questions directly on the portal so reviewers get what they need faster, without extra portals or endless email threads.

What’s new in Trust Vault:

  • Entity-specific trust views under one domain: Create separate Trust Vault views for each entity (e.g., US and India) under a single domain like trust.acme.com, with entity-specific URLs. Tag frameworks, controls, FAQs, and subprocessors to entities so each view only shows relevant info, and choose which entities are visible publicly or kept hidden.
  • Entity-aware access requests: When a visitor is viewing a specific entity (say, US) and requests access, the request is automatically tied to that entity. If they switch to another entity (like India), new requests are mapped to that entity instead.
  • Teammates chat on Trust Vault: Enable the Teammates chat interface on your external trust page so visitors can ask questions about your documents and FAQs directly. From additional settings, decide whether chat is available to both anonymous and signed-in visitors or restricted to signed-in users only.

Read a detailed article to know more about how Scrut simplifies multi-entity trust management with AI.

Cut questionnaire grunt work with smart import/export and AI autofill

Many teams receive lengthy security questionnaires in varying external formats, such as Excel files sent by customers or vendors. Previously, users had to input questions individually; now, Scrut can handle the heavy lifting.

With the new questionnaire automation updates, you can:

  • Import questionnaires from almost any Excel format: Upload a common questionnaire (like the CAIQ) directly. Our platform interprets the structure, identifies questions and answer fields, recognises different field types (objective, subjective, drop-downs, etc.), and gives you a preview so you can select exactly which questions to bring in.
  • Answer faster with AI-powered autofill: Fill in a few answers yourself and let Scrut Teammates autofill the rest, so you are not manually typing every 'yes', 'no', or descriptive response.
  • Bulk import questions from vendor portals: Use the updated Teammates Chrome extension to scan an entire vendor portal page for questions and import them all at once, rather than adding them one by one. You can then trigger autofill from the extension and follow the same workflow as on the platform.
  • Seamless exports: Export the completed questionnaire in the original format (e.g., Excel/Spreadsheet), including all autofilled text answers, maintaining the integrity and structure of the document required by your customers or auditors.

With Smart Import/Export, your team spends time reviewing answers, not retyping questions and wrestling with formats. To explore how this feature can save you time and effort, connect with us for a demo.

Turn long vendor questionnaires into exec-ready summaries

Vendor questionnaires are long, detailed, and hard to read when all you want is the main risk story. Compliance teams often end up scrolling through dozens of questions just to brief executives or prepare reports, and it is even harder when some vendors do not have a formal questionnaire at all.

With Assessment Summary, you can:

  • Capture key findings in one place: Add a clear Assessment Summary to any vendor assessment to describe your observations, key risks, and important notes from the review. The summary appears prominently in the final vendor assessment report, so executives and reviewers can understand the outcome at a glance without reading every question and answer.
  • Generate vendor reports even without a questionnaire: Create and export vendor assessment reports for vendors you evaluate without sending a questionnaire (for example, large cloud providers), so you can still show that a review was completed and share it with stakeholders.

Want more control over vendor risk? Scrut helps you manage third-party risk end-to-end and keep your vendor ecosystem continuously compliant. Book a demo to see it in action.

See who has access to what in one place via the Access Matrix

If you are managing access today, chances are you are hopping between tools or drilling into each application one by one just to answer basic questions like “who has what role where?”

The new Access Matrix provides a comprehensive, centralized view of all users and their roles across your organization's applications, allowing you to instantly verify user permissions and maintain a clean track record for compliance.

How the Access Matrix simplifies oversight

  • Centralized user-role mapping: Get a matrix-style table where you can view all employees from your organization on the left and all applications as columns on the right, with each cell showing the role a user holds in that application.
  • Spot privileged and unusual access quickly: Quickly spot anomalies and overly privileged access.
  • Targeted reviews with filters: Narrow the matrix to a single app, focus on specific employee groups (like active employees or external contractors), or filter by role type to zoom in on what matters.
  • Clear ownership gaps: For some applications, you may see unresolved users. Clicking through takes you to the application page in Access Overview, where you can assign owners.

Strengthen your access governance with deeper, more focused reviews. Explore how to run smarter, faster, and cleaner access reviews in our detailed guide here.

New and updated frameworks

UAE Personal Data Protection Law (PDPL) (new framework) Scrut now supports the UAE PDPL, helping you identify obligations, map requirements to your internal policies, automate control assignments, and generate reports for stakeholders.

ISO/IEC 27001:2022/Amd 1:2024 integration (updated mapping): Scrut now includes the latest amendment to ISO/IEC 27001:2022, updating climate-related language in Clauses 4.1 and 4.2 to keep your ISMS aligned with the standard.

Updated SOC 2 mapping (updated mapping): Scrut’s SOC 2 updates deliver full alignment with the latest Points of Focus, refreshed requirement categories, clearer control mappings, and optimized evidence suggestions.

Explore the Scrut Frameworks Library to see the 60+ out-of-the-box frameworks that Scrut supports, or connect with us to set up a customized framework.

New and updated Integrations

Granular AWS Resource Scoping per Account (upgraded integration): Gain fine-grained control over which AWS resources Scrut ingests with per-account scoping using Resource Types, Regions, and Tag-based rules, no need for separate accounts across environments.

Curious how Scrut works? Take our 3-minute interactive product tour (no signup needed!) to see how Scrut helps you simplify evidence collection, automate compliance workflows, and stay audit-ready year-round.

Liked the post? Share on:
Megha Thakkar
Technical Content Writer at
Scrut Automation

Megha Thakkar is a Certified Information Systems Auditor (CISA) and technical content writer who loves turning complex cybersecurity and compliance topics into stories people actually want to read. With a background as an Associate CPA (Australia) and CA Intermediate (India), she blends her love for finance and technology to bring clarity to every piece she writes. She’s known for her sharp eye for editing and content management, making sure every word earns its place.

Authored by
Table of contents
Example H2
h3
Example H3
h4
Example H4
h5
Example H5
h6
Example H6
Subscribe to our newsletter
Get monthly updates and curated industry insights
Subscribe
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Join our community and be the first to know about updates!

Subscribe
I agree to receive marketing insights and other communications from Scrut Automation.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Related Posts

Scrut Updates
Risk Grustlers EP 18 | Bridging the security-dev divide
Scrut Updates
How Scrut Makes Multi-Entity Trust Simpler and Smarter
No items found.
NIST 800-53 compliance audit and checklist

Ready to see what security-first GRC really looks like?

The Scrut Platform helps you move fast, stay compliant, and build securely from the start.

Book a Demo
Book a Demo
Platform
Why ScrutExplore the PlatformSimplify ComplianceStreamline AuditsEmpower Your EmployeesMonitor Cyber RiskAssess Third-Party RiskValidate User PrivilegesManage Asset InventoryDemonstrate TrustAI-Powered GRCIntegrate Your Tech Stack
Frameworks
SOC 2ISO 27001GDPRPCI DSSHIPAANIST AI RMFCustom FrameworksAll Frameworks
Company Stages
StartupGrowthEnterprise
Industry
Enterprise SoftwareFinancial ServicesHealthcareTravel and TourismEducation
Resources
BlogEbooksPodcastSuccess StoriesWebinarsEventsGlossaryFAQs
Hubs
SOC 2 HubISO 27001 HubHIPAA HubExplore All Hubs
Partners
Become a PartnerFind a Partner
Company
CustomersAboutCareersNewsroomSecurity
TrustTerms of UsePrivacy PolicyCookies Policy
© 2024 Scrut Automation. All Rights Reserved.