Modernizing GRC: The Success Story of Balboa Travel
Location: San Diego, California, USA
Industry: Travel Management
CONTEXT
Balboa’s Journey to SOC 2, ISO 27001:2022, and GDPR
For over 50 years, Balboa has been renowned in corporate travel management. The company offers personalized corporate and leisure travel solutions with advanced technology. When Data Protection Officer Niklaus joined, Balboa was aiming for compliance with SOC 2, ISO 27001:2022, and GDPR. Tasked with modernizing GRC processes, Niklaus chose Scrut as the most suitable partner among multiple vendors.
Niklaus Pegler, Data Protection Officer, Balboa
“One of the biggest challenges was finding specifics about the ISO 27001:2022 and SOC 2. Scrut made it easy. It showed me the exact paragraphs and sections of the standards calling for a requirement and even provided details on the requirement’s expectations.”
CHALLENGES
Decentralized Systems and Inefficient Processes
Adoption of Scrut enabled us to build GRC processes according to best practices in the industry.
SOLUTION
Balboa’s GRC Revamp
Accelerated Compliance Process: Scrut’s pre-built policy library and in-built editor enabled quick policy building and easy customization. Scrut’s people module handled employee training, and Balboa could track completion through quizzes, which improved employees’ security understanding and sped up meeting compliance requirements.
Streamlined Vendor Management: Scrut provided a central repository for managing third-party vendors. Customizable questionnaires and automated reminders ensured compliance, and due diligence was recorded with automatic activity records and logs.
Easier Risk Prioritization: Scrut moved Balboa’s risk register into the platform. Built-in scoring mechanisms segmented risks by severity. The risk dashboard helped Balboa identify risks. The risks were also mapped back to controls for easy review and superior control of risks.
Simplified Collaboration with Auditors: Scrut’s audit management module streamlined the audit process. Auditors had direct platform access to review controls and artifacts, add comments, and submit requests. Auto-routing facilitated responses, eliminating manual processes and accelerating audits.
Proven ROI with Scrut:
IMPACT
Enhancing GRC Efficiency
Flexibility to adapt: Scrut provided Balboa with the flexibility to support both on-premise and cloud infrastructures and manual evidence upload, crucial for transitioning from legacy technology to a modern solution.
Jumpstart to compliance: Controls pre-mapped to regulatory requirements gave Balboa a head start in achieving compliance. Scrut’s suite of policy and vendor questionnaire templates, in-built employee trainings, and pre-configured workflows further accelerated audit readiness.
Maturity in processes: With Scrut, Balboa was able to adopt mature processes across security aspects. The platform facilitated more organized vendor assessments, improved risk management processes, and simplified collaboration with internal and external stakeholders.