A system of continuous compliance
The team didn’t stop there. They set out to make their entire compliance journey equally simple. This meant taking advantage of OneTrust Certification Automation’s pre-built content and guidance at every step.
Instead of creating policies from scratch, they now pull templates directly from the tool. They link their policies to controls and evidence tasks, effectively reducing the chances of duplicative work. By configuring common controls to cover any areas of overlap, the team is able to automatically apply the same evidence for multiple frameworks.
“It makes life so much easier to have that all predefined and we're not reinventing the wheel every single audit,” says Macdonald. “It's rinse and repeat. It’s like, okay, we're done with PCI. Now we're moving on to SOC 2. We're done with SOC 2, now we're moving on to internal audits.”
Since then, SuccessKPI has also achieved compliance with HIPAA, ISO 27001, GDPR, FedRAMP, the California Consumer Privacy Act (CCPA), and Brazil's data protection law Lei Geral de Proteção de Dados Pessoais (LGPD).
Transforming the audit process
Even getting audited has become a vastly better experience. “The first time I did it, we were sitting in a room with an auditor and arguing about whether something applied to our organization,” says Macdonald.
With OneTrust, the team can now bring auditors directly into the portal to review all the policies and controls. It’s convenient for auditors and more reassuring for SuccessKPI. By inviting collaboration and discussion early on, there are fewer surprises when it's time for the audit.
“The major milestone is really when we pass the audit and get the certificate,” says Macdonald. “Because that's when our sales team can do the deal.”