Building trust is a key component of any successful business, but in today’s world, trust is increasingly linked to compliance. On this episode of Innovation in Compliance, Tom Fox hosts Girish Redekar, co-founder and CEO of Sprinto. Girish shares his insights on the overwhelming nature of compliance, the benefits of frameworks like SOC 2 and ISO 27001, and the importance of building trust through compliance.
Girish Redekar is the co-founder and CEO of Sprinto, a software company that provides an automated solution for achieving and maintaining compliance for other software companies. Girish is a software engineer by trade and has a wealth of experience in running and managing software businesses. Prior to founding Sprinto, he ran a software company called Recruiter Box, where he wrote the bulk of the early code, managed teams, and ran product marketing.
You’ll hear Girish and Tom discuss:
- Going through the compliance process can help companies holistically view their organization and think about what it really takes to secure the data that they are handling on their customers’ behalf.
- Sprinto translates SOC 2 and ISO programs into specific security practices to run in your company and automate those practices, which can make it ten times faster and a lot less overwhelming.
- Frameworks like SOC 2 and ISO 27001 provide a standardized form of building a security program that both companies and customers can trust. “What that means is that if I claim that I am SOC 2 compliant and I can provide documentation to the same, you as my customer can actually trust the documentation and have some assurance that I do indeed run these security practices,” Girish remarks.
- The compliance stack is a list of tools that you would use to become compliant, or maintain a security posture.
- Sprinto’s security and compliance platform includes risk management, compliance management, vulnerability management, and incident management features.
- A compliance command center allows you to look at all manner of security risks through “a single pane of glass”. The command center gives you one place where you can monitor what’s happening in your company and how to mitigate it.
- Girish notes that people are often the weakest link in a company’s security and that security leaders worry about employees inadvertently sharing credentials or falling victim to social engineering attacks.
- Concerns around cybersecurity are relatively similar across the globe.
- Ransomware attacks were a major concern for security leaders in 2022, and cybersecurity insurance is becoming increasingly popular as a means of protecting against such attacks.
KEY QUOTES
“Think of SOC 2 and ISO… they’re no different than SATs. …you write SATs and you have like one score and then that you can use across colleges. SOC 2 and ISO are not very different than that.” – Girish Redekar
“It’s pretty fascinating that a standard should emerge out of just the way people want to build trust in the way they do business.” – Girish Redekar
“…the way I think about a compliance command center is nothing but a single pane of glass where you get to see exactly what your security and your compliance posture is, where the gaps are.” – Girish Redekar
Resources