Discover how Aera Technology, a cognitive automation company, rapidly ramped up its enterprise-level certifications, including SOC, HIPAA and ISO, leveraging automation, one-to-many control mapping and program-wide visibility with ZenGRC.
Results
- Rapidly scaled compliance and risk program — without adding headcount
- Conducted audits for 5 compliance frameworks simultaneously
- Created foundation to enable easy addition of new compliance frameworks
- Cost savings of $84,000 by investing in a SaaS platform instead of adding 2 headcount
A Quest for Additional Certifications
Aera Technology helps customers be more agile, using cognitive technology driven by artificial intelligence (AI) and machine learning to bring scale and accuracy to decision-making processes. To broaden its footprint within additional vertical markets and Fortune 100 companies, Aera wanted to expand its enterprise-level compliance certifications beyond SOC 2 and HIPAA — retiring manual compliance processes to help make it happen.
“We wanted to introduce the same agility we bring to customers into our own compliance program. It was time to say goodbye to spreadsheets and embrace a GRC platform to help us quickly ramp and expand.”
— Benjamin Fisher, Director of Governance and Compliance with Aera Technology
From POC to Purchase
Soon after completing SOC certification with its existing manual processes, Aera recognized the level of complexity required to achieve additional certifications and quickly kicked off a search for a solution. Reciprocity’s ZenGRC platform came highly recommended by an industry peer, who cited it as a cost-effective and feature-rich way to deliver much-needed efficiency.
“We wanted a solution to make our life easier, that could be easily implemented and managed with our team’s resources, reducing our administrative burden,” said Fisher. “We did a Proof of Concept (POC) of ZenGRC — an ideal way to really understand the solution and put it to the test — and purchased it soon thereafter.”
Immediate Value and ROI
The ZenGRC platform is pre-loaded with compliance framework content, supporting more than 30 standards and regulations. This provides significant time savings, while also helping to identify the gaps and overlaps caused by running multiple programs at the same time.
“For small to mid-sized companies with stretched infosec resources, scaling a compliance program on your own eats up too much time and money. It’s a testament to ZenGRC and the platform’s ability to manage multiple frameworks that we saw value soon after implementation. The solution just makes sense from a cost benefit.”
— Benjamin Fisher, Director of Governance and Compliance with Aera Technology
Clarity and Control
With ZenGRC in place, Aera achieved certifications for SOC 2 and ISO simultaneously, then expanded to five frameworks at the same time: SOC, HIPAA, ISO 27001 and 27018. In addition, the company used the platform for vendor and customer risk assessments, leveraging the visual risk heatmap and customizable risk weighting and scoring to mitigate business exposure.
“For us, the clarity and knowledge ZenGRC provides is priceless, particularly once you start to connect the dots across controls and workflows,” said Fisher. “Being able to quickly assess the acceptability of risk controls and have workflows in place to drive audit management, that’s when the solution becomes incredibly powerful.”
Scale Faster with Fewer Resources
Aera reflects on the resources that would have been needed to run five audits across five frameworks had the organization continued with its previous manual approach.
“If you’re trying to do it manually, it’s possible but you’d better have a really big team,” Fisher shared. “The biggest benefit to us is not having to scale our department in order to manage an expansive compliance program. This alone makes the case for purchase as the cost of ZenGRC is certainly less expensive than adding another headcount to the mix.”
Just Getting Started
Aera plans to add a new compliance framework annually, with ISO 9001 next on the list, driven by the needs of the business, customer demand and a push into other vertical markets. For organizations wishing to expand their compliance program as quickly as Aera, Fisher has a bit of advice.
“The speed with which we’ve grown our compliance footprint has a lot to do with ZenGRC and our ability to automate, map controls and workflows and eliminate manual processes,” Fisher added. “If you do that, and you track your gap assessment to completion, you’ll get certified quickly — something not in the cards if you’re chasing spreadsheets.”