Time for a change
Would you leave a job at a prestigious company where you’re at the top of the career ladder? A job where you’ve spent over 10 years working hard and smart to get to that position? Would you especially leave that job for a startup?
I never thought I would’ve done that, but as the saying goes, “Never say never.” Goodbye, 150,000-strong organization. Hello, 20-strong (and growing!) startup!
So what compels a partner at a Big 4 to join a startup that’s half the size of his former team?
The Audit Experience Hasn’t Changed in 15 Years
Over the past 15 years, I’ve led audits for hundreds of companies across different industries, and although the technology has improved in both the audit firms and their clients, making things a bit easier for everyone, the audit process is still pretty much the same.
When one of my clients introduced me to Tugboat Logic I was amazed about their vision and confidence that they could disrupt the market and really change the way audits are delivered. It wasn’t only a tool to help with the compliance process and make life easier for the auditors, but they were talking about real automation and integration with other systems. Their view of an ideal audit from a client perspective got me thinking about how the process would change in the future, and I felt like I wanted to be part of that process and make a difference. Instead of waiting for someone to come up with a solution to make my life easier, why not be part of that change and help create software to actually change the way things are done?
Compliance is a repeatable process that should have very similar inputs and outputs every year. How is it possible that the process has not been automated yet? Are we close to that change? Are we not seeing it the same way that record companies, VHS rentals and taxi drivers didn’t see the change coming? I always thought to myself that there has to be a better way and then I came across an organization that was actually trying to make a difference. When you talk to a startup from San Francisco, the sky’s the limit, the energy and enthusiasm to change the way things are done are just something I wasn’t used to. So is there really a way to change the way things are done? A way to automate the audit and compliance process? I believe there is!
How Tugboat Logic Is Flipping the Script
Here are just some of the ways I see Tugboat Logic helping improve the audit process for both customers and auditors alike:
- Audit Readiness: Tugboat Logic has an easy-to-use InfoSec Program Builder that asks you a series of questions to help you create a customized scope of policies and controls that adhere to various industry frameworks such as SOC 2, ISO 27001, PCI, and more. If the customer doesn’t know much about security, that’s ok. Tugboat Logic has prewritten all of the content for you, and mapped it to these standards. There is a readiness dashboard that tracks implementation and evidence collection for all of the security controls in one at-a-glance view. This helps keep clients on track so they are ready for the audit examination period.
- Automated Evidence Collection: Ever feel like you are Sisyphus pushing the same boulder up the hill again and again each year you do an audit? Well no more. Tugboat has developed Automated Evidence Collection integrations with core apps and infrastructure such as Github, AWS, Jira and GSuite, so customers set it up once and it pulls this data continuously for auditors
- Auditor Collaboration and Project Management: This was one of the things I originally helped provide feedback on that got me hooked on Tugboat Logic. They have a dedicated Audit Project Module that provides a way for customers to invite their auditor into the Tugboat Logic platform. The auditor can then automatically upload their evidence request list, which turns each task into an actionable “card” that can be assigned and tracked by both the customer and the auditor. The auditor always knows where the customer is at in terms of evidence collection, and the customer always knows where the auditor is at with review of that evidence. Better still, there is a robust collaboration tool so that the customer can ping their auditor if they get stuck on a request, or if the auditor requires more information on a piece of evidence. This automation speeds up the time it takes to complete audits by more than 50%.
A Bright Future for Audits
The audit and compliance processes are not something our clients look forward to, and it requires time and money, so there is definitely a market out there ready to buy a solution that makes their life a bit easier. Maybe we are still far away from having an audit conduct itself. Maybe in the future the audit is so automated that the only time you and the auditor meet is to present you the final report. At Tugboat Logic, we are working towards simplifying the overall process, and we aim to automate things as much as possible!
PS: Want to turn your InfoSec program into a trust-building, money-making machine? Download The Future of Information Security and see how tomorrow’s category leaders are going to turn security into a competitive advantage.