Case Study: Oomnitza

Oomnitza Chooses Shujinko’s Automated Audit Preparation Platform to Simplify Cloud Security Compliance

To me, that’s the whole purpose of a solution like AuditX: providing dashboards and visibility on current status and every next step. It removes the anxiety from a stressful goal and turns it into an easily manageable process. AuditX has become our system of record for compliance.

– Udo Waibel, CTO Oomnitza

Key Benefits

Creates a centralized system of record for compliance evidence, improving efficiency and continuity
Speeds evidence collection and completeness
Guides teams through audit preparation for increased productivity and decreased stress
Improves organization and collaboration, allowing teams to track and manage tasks right from the tool

Overview

Oomnitza, a leading provider of IT asset management solutions, faced the twin pressures of exploding sales and an increasing need to demonstrate security compliance for those prospective customers. In seeking SOC 2 certification, the team quickly settled on Shujinko’s AuditX™ to simplify, manage and guide the journey.

Customers Demand Security Compliance

Oomnitza’s cloud-based asset tracking software is a connected, automated and visual solution providing companies a single place to track and optimize everything that powers their business. As organizations increasingly embrace distributed and cloud-based operations – and wrestle with managing all the “things” spread across those environments – Oomnitza’s business has exploded.

As a result, the company faces both an increasing volume of customer requests, and more demanding inquiries from larger customers. Many of those inquiries, not surprisingly, focus on Oomnitza’s handling of security.

Detailing those security practices falls on the technical team, often taking the form of lengthy questionnaires. The company’s new chief technology officer quickly realized that a better approach was to demonstrate adherence to industry standards, setting the company on a path toward securing SOC 2 compliance certification.

“SOC 2 certification is increasingly something that cloud companies just need to have, so I’ve been through my share of SOC 2 audits at past organizations,” says Udo Waibel, Oomnitza’s CTO. “But my team at Oomnitza is new to this, and I wanted to find a tool that would take the angst out of the audit process.”

As importantly, given Oomnitza’s emphasis on automation, centralization and visibility in its own tools, Waibel wanted a solution that mirrored those capabilities – simplifying and guiding the team through the process, automating data collection, and serving as a system of record and central repository for all of their compliance efforts.

“I’ve used shared folders and gigantic Excel checklists and it’s an unwieldy, opaque and hugely manual process,” he notes. “I want everyone collaborating off one version of truth for clarity and efficiency – ultimately that not only speeds the process, it also saves money.”

Fortunately, a co-worker suggested Waibel take a look at Shujinko’s AuditX.

Guiding Audit Readiness

We open it up, assess where we are and what needs to be done, then go off and do it. If clarification is needed, I just point to all the included guidance. Frankly, I couldn’t imagine going back to a tracking files and versions in a shared folder.

– Udo Waibel, Oomnitza

AuditX is purpose-built software that automates audit preparation, evidence collection and readiness. With AuditX, organizations can complete the audit process 3x faster, easier, and with much greater predictability and visibility. Oomnitza was specifically attracted to the software’s guided procedure for audit preparation and its centralized, high visibility evidence collection.

“To me, that’s the whole purpose of a solution like AuditX: providing dashboards and visibility on current status and every next step,” says Waibel. “It removes the anxiety from a stressful goal and turns it into an easily manageable process. AuditX has become our system of record for compliance.”

Waibel in particular liked how AuditX orchestrated the certification process across different team members and departments, allowing assignments and progress to be monitored across operations, HR, DevOps, product management – and even with the auditors themselves. His team also relies on the guidelines in AuditX to understand exactly what is needed when it comes to collecting evidence.

“After adopting the platform, we found it easiest to just drive all our weekly sync meetings right from AuditX,” he explains. “We open it up, assess where we are and what needs to be done, then go off and do it. If clarification is needed, I just point to all the included guidance. Frankly, I couldn’t imagine going back to a tracking files and versions in a shared folder.”

An Automated Repository for Compliance Preparation

AuditX not only serves as a centralized repository for compliance evidence, it also automates the process of collecting that evidence from cloud and SaaS infrastructure – improving both speed and accuracy. AuditX even gathers important metadata to help with audit completeness. While Oomnitza has been able to use its own software to supplement data collection, Waibel values those automation capabilities tremendously.

“Automation is key to our business, so naturally I’m a huge fan,” he says. “I’ve done audits manually, and it’s a tremendous amount of labor. Automation eliminates that, while also grabbing the metadata that’s difficult – or impossible – for people to get on their own.”

AuditX maps that relevant evidence across controls, and even across standards, facilitating readiness and eliminating the need for multiple uploads. In fact, Oomnitza is using the SOC 2 compliance process to simultaneously work on ISO 27001 certification.

“When you realize multiple standards require a lot of the same evidence, going after additional certifications really improves your ROI,” notes Waibel. “With a system for centralized collection and cross-mapping, it becomes sort of a no-brainer. I’m even starting the think about our SOC 2 Type 2 certification; after one audit is the next, and it helps to have the continuity of AuditX.”

Waibel and his team have also appreciated the software’s easy to use interface and clear dashboards, as well as the support they’ve received from the Shujinko team… in particular the weekly check-ins.

“Without the help we’ve been getting from Shujinko we probably wouldn’t have gotten as far as we are today,” he says. “It really helps me feel confident we’ve got what we need for our calls with the auditor, and in general just helps us be better prepared.”

Overall Waibel has been extremely pleased in his experiences with both the software and the company. So much so, he actively recommends it. “I’m a big fan of Shujinko and AuditX, and I already find myself referencing them to quite a few other people in my network.”

Automation is key to our business, so naturally I’m a huge fan,” he says. “I’ve done audits manually, and it’s a tremendous amount of labor. Automation eliminates that, while also grabbing the metadata that’s difficult – or impossible – for people to get on their own.

– Udo Waibel, Oomnitza

Automate Audit Preparation

Get ahead of your upcoming audit deadlines and compliance initiatives. Ditch the shared spreadsheets, back and forth email, and unclear evidence requests. Start working with Shujinko’s AuditX tool to simplify, automate, and modernize audit preparation for your cloud-first enterprise.