Scrut innovations: March 2025 snapshot

March brings another round of exciting updates at Scrut, focused on making audit preparation easier, access management more reliable, and collaboration more seamless. From streamlined audit scheduling to powerful integrations, here's what's new this month:

• User access reviews: Automate access management with built-in workflows, system integrations, and real-time tracking.
• Unified audit calendar: Manage internal and external audits effortlessly with a clear, visual calendar.
• Trust Vault improvements: Better access controls, evidence organization, and manual logout support.
• Export functionality: Quickly generate shareable reports from your controls, policies, and evidence modules.
• Expanded integrations: New integrations like Jira automation, Trello, PingOne SSO, and improved Slack notifications.
• New frameworks: Support for SEBI CSCRF and NIST 800-53 (High Baseline) to meet evolving standards.

User access reviews with automated workflows, risk checks, and continuous monitoring

Managing user access manually is like trying to juggle too many balls at once mistakes are bound to happen. Without a clear system, ex-employees might still have access, and tracking who can see what becomes a tangled mess. This not only opens the door to security risks but also makes passing audits a real headache.

Scrut's Access Review Module automates the entire process by ensuring that only the right people have access to the right information, keeping your organization secure and compliant.

Here's what's new:

• Automated workflows: The module integrates seamlessly with your existing systems like Single Sign-On (SSO), Identity and Access Management (IAM), and Human Resources (HR) platforms to pull in user access data automatically. This means no more manual data entry or tracking.
  
• Advanced review features: It flags high-risk accounts, such as those belonging to former employees or users with excessive privileges, so you can address potential issues before they become problems.
  
• Structured approvals: A two-step approval process ensures that any changes to user access are thoroughly vetted, adding an extra layer of security.
  
• Compliance-ready reporting: The module generates detailed reports that are ready for audits, saving you time and reducing stress when it's time to demonstrate compliance.
  
• Real-time monitoring: Continuous oversight means you're always up-to-date on who has access to what, allowing for swift action if something seems amiss.
  Flexible audit creation via multiple audits, calendar view, and dashboard sync.

Updates to Trust Vault: Access, framework settings, and session management

As part of our ongoing efforts to make Trust Vault more intuitive, secure, and customizable, we've rolled out a series of enhancements across three key areas: user session management, compliance framework configuration, and reclaim access workflows. It's now easier to control access, customize your compliance view, and streamline user request handling for a smoother, more secure experience across the board.

• On-demand session logout: Users can log out anytime, ending sessions across devices with OTP-based reauthentication.

• Smarter access reclaim: Expired access requests now move to a Pending' tab with labels like New or Reclaim for easy categorization and faster review.

• Custom framework settings: Admins can now edit, hide, or delete frameworks and even brand them with custom logos.

• Audit trail for access changes: All access edits, including reclaims, are now logged for full visibility.

These updates give you tighter control over access, greater flexibility in managing frameworks, and clearer visibility into user actions making Trust Vault more powerful and easier to use than ever. Connect with your Scrut CSM for more information, or if you're new, book a demo to see Trust Vault in action.

Improved export functionality across controls, policy, and evidence

Previously, exporting attachments for policies and evidence meant selecting a specific framework, which limited flexibility and added extra steps.

To fix that, we've rolled out a more flexible, user-friendly export experience that works the way you expect it to letting you export only what's relevant in just a few clicks.

Now, you can quickly export comprehensive data from your Controls, Policy, and Evidence modules directly into relevant, shareable reports.

Here's what's new:

• Standardized export: Exporting is consistent across Controls, Policies, and Evidence. Go to the module, apply your filters, and hit Export to download the filtered table.
• Framework-free attachment exports: You no longer need to export by framework. Simply select the policies or evidence tasks you want and export only those attachments using a new checkbox selection feature.
• Bulk attachment export: Need to export multiple attachments at once? Just bulk-select the items you want and click Export Attachments. You'll get a pop-up summarizing how many items have attachments, and once confirmed, the files are emailed directly to you.
• More visibility in policy tables: You can now view and export additional information to improve documentation and oversight.

Now, you can quickly export comprehensive data from your Controls, Policy, and Evidence modules directly into relevant, shareable reports. These enhancements put you in control making it faster to filter, select, and export exactly what you need without jumping through hoops.

Ready to try the new export experience? Reach out to your Scrut CSM for a quick walkthrough, or book a demo if you're new here.

New and updated integrations

• Jira ticket creation automation (Updated): Say goodbye to repetitive evidence task creation. Scrut now automates Jira ticket generation for recurring compliance activities retaining all relevant metadata and updating only what's needed (like titles and deadlines). With built-in error handling, you'll receive real-time alerts and detailed logs to keep workflows up-to-date and timely.
• Trello integration (Updated): Effortlessly create new Trello tasks or link existing ones right from Scrut. Track their real-time status and streamline collaboration across teams, all without switching platforms.
• PingOne SSO integration (New): Securely simplify user access management with Scrut's new PingOne Single Sign-On (SSO) integration. Users can now log in seamlessly using their PingOne credentials, reducing password fatigue, enhancing security, and streamlining access control all within the Scrut platform.
• Enhanced Slack notifications (Updated): Scrut's latest Slack notification update adds support for the Vendor module. Users will now receive Slack notifications for pending vendor assessments, submitted questionnaires, onboarding requests, mitigation tasks, and vendor questionnaire submissions.

Explore our full range of integrations or fill out the platform integration feedback form to request new integrations.

New frameworks

Our latest additions to the Scrut Framework library come with pre-mapped, audit-ready controls designed to help you meet the most current security and regulatory standards faster and with fewer manual effort.

Here's what's new:

• SEBI Cyber Security and Cyber Resilience Framework (CSCRF): Specifically designed for financial institutions regulated by SEBI, this framework helps you strengthen cybersecurity measures, proactively manage risks, and maintain regulatory compliance effortlessly.
  
• NIST 800-53 (High Baseline): Ideal for organizations handling highly sensitive data, the High Baseline provides rigorous security controls, giving you peace of mind that your critical information remains protected against advanced threats.
  

Browse Scrut's framework library or reach out to your Scrut CSM to request additional frameworks tailored to your compliance needs.Stay tuned for more practical compliance insights, and don't forget to subscribe to our newsletter, GRC Wire, for expert tips and updates.