Case Study: How Aprio Helped OutSystems Streamline & Consolidate 7 Audits

Frameworks: SOC 2, PCI DSS, ISO 27001, ISO 22308, and ISO 9001

OutSystems Inc.

As a global leader in low-code software development, OutSystems Inc. provides a platform that accelerates the creation, deployment, and management of enterprise-grade web and mobile applications. OutSystems serves a variety of industries, including banking, healthcare, insurance, government, and education, with notable clients such as Chevron, Western Union, and Humana.

Quick OutSystems Facts:

• Strong global presence with offices worldwide
• Over 750,000 community members, more than 500 partners, and customers in over 80 countries across 21 industries
• Recognized as a leader in the low-code space by analysts like Gartner and Forrester

The Challenge: Year-Round Audits with Multiple Assessors Resulted in Audit Fatigue

Major Issue 1: Too much time spent on completing audits

OutSystems completes three SOC 2s, a SOC 1, two PCI DSS, and three ISO 27001 assessments. Before engaging Aprio, these assessments spread across the calendar year. The assessments were led by multiple assessors with little to no coordination or overlap between the assessments.

Major Issue 2: Too many auditors

OutSystems operates a global business with multiple products and certification framework requirements. Previously their security compliance team was engaging different firms to complete different assessments, resulting in a lack of coordination and being asked to provide the same artifacts and perform the same walkthroughs for each assessment. This disjointed approach resulted in the OutSystems team struggling to wrap its arms around all the requirements, assign tasks to the right personnel, and gain efficiencies across compliance programs and product scopes.

Major Issue 3: No assessor had the full picture, and none of them knew how to work in Hyperproof

OutSystems was struggling with inefficient and inexperienced audit teams from multiple firms who also didn’t understand how to optimize the use of Hyperproof to streamline the assessment process. There was no coordination between auditors, and oftentimes, team members were sent to OutSystems lacking the technical expertise and business acumen to create an efficient experience. As a result, the team was struggling from audit fatigue and were spending the entire year dealing with compliance audits without time to focus on the business.

Why OutSystems Loves Partnering with Aprio

• Hundreds of hours and over nine months of audit support time saved.
• A dedicated Hyperproof optimization team that helped us take our use of Hyperproof to the next level.
• Staffed with seasoned experts who provide on demand client support as needed and understand multiple compliance frameworks and work across audit teams.

The Aprio team has done a great job of helping us streamline our assessments, saving our security and DevOps team hundreds of hours servicing audits. It’s saved us so much time!

Casey Greenstreet, Security Compliance Program Leader, OutSystems, Inc.

The Solution: Complete a Hyperproof GRC Tune-Up and Unify Assessments with Aprio!

The OutSystem’s security compliance team decided it was time for a drastic change to revolutionize the compliance program. OutSystems partnered with Aprio.  As a team, we:

• Cross-mapped multiple compliance programs and control mappings in Hyperproof, also known as control rationalization.
• Consolidated audit fieldwork and observations for all SOC and PCI projects into a single-week sprint.
• Aligned the ISO 27001, 9001, and 22301 certification process with the SOC and PCI assessments to streamline artifact collection and audit fieldwork.
• Improved compliance operations through Hyperproof’s recurring tasks, automated evidence collection, and information request tracking features.
• Harmonized the information request lists across assessments to streamline the process of collecting document requests, allowing OutSystems to provide artifact requests once, across all overlapping assessment requirements.

The Outcomes: 12 Months of Audits Condensed into Three

Aprio helped consolidate OutSystem’s audit fieldwork process and condensed 12 months of audits into three. Optimizing Hyperproof has saved OutSystems hundreds of hours in audit prep through the harmonization of compliance programs, controls, tasks, and information requests.

By leveraging the capabilities of Aprio + Hyperproof, OutSystems is set up for ongoing success and streamlined compliance operations. 

Take your audits to the next level with Aprio + Hyperproof. Contact our team today.