Request Demo

  • Overview

    How it Works

    Continuously improve upon the security program while continuing to grow the business.

    Integrations

    Compyl works with the technology your organization works with.

    Products

    Audit Prep

    Begin building a scalable security program.

    Solutions

    Risk management

    Build and maintain a robust risk management process.

    vendor management

    Manage vendor due diligence and risk assessments.

    GRC

    Mature your security program quickly.

    Policy Management

    Create and centralize policies, standards, and procedures.

    Contract Management

    Securely store and monitor all contracts.

    Enterprise

    Streamline security with automated efficiencies.

    Entitlement reviews

    Establish and monitor permissions for all users.

    it asset management

    Catalog, access, and track all IT Assets.

  • Frameworks

    SOC 2 Attestation

    Demonstrate the ability to effectively safeguard customer data's security, integrity, confidentiality, and privacy.

    ISO 27001

    Prove the strength of your Information Security Management System to prospects and customers worldwide.

    HIPAA

    Organizations handling health information need to have measures in place & follow them.

    GDPR

    Regulation for companies that collect and process personal information from individuals in EU.

    PCI

    For organizations that accept, process, store or transmit credit card information.

    NIST CSF

    Guides organizations in any industry to better manage and reduce their cybersecurity risk.

    NIST SP800-53

    Improve the security posture of information systems used within the federal government.

    MAS

    Guidelines to encourage best practices among financial institutions in Singapore.

    HITRUST

    This global security and privacy framework provides comprehensive information, risk, and regulatory protection.

    Any Regulation,
    Any Region,
    Any Time.

    We proactively monitor for the latest frameworks to ensure our customers environments remain secure at all times. Contact us and learn about the additional frameworks Compyl supports.

    See All Frameworks

  • Resources

    Glossary

    Terms used in the InfoSec & Compliance community.

    Blog

    The latest on InfoSec and Compliance trending topics.

    Guides

    Let Us Guide You Through Your InfoSec & Compliance Journey.

    Education Center

    Learn how to use the Compyl Platform.

    Security Sessions

    Watch all Security Session Episodes

    Case Studies

    Real-world stories on how we help our customers.

    Featured

    How long is a soc 2 report valid for?
    How Long Is a SOC 2 Report Valid For?
    Who needs ISO 27001​the professional world?
    Who Needs ISO 27001 Certification and Why?
    What is compliance software and how can it help professionals?
    What Is Compliance Software?

  • Company

    About Us

    Our mission and purpose are unique, just like the solution we created.

    Our Security

    We are very serious about our security. See the measures we take.

    Careers

    Join our diverse team of intelligent, respectful, and passionate individuals.

    Contact Us

    We are ready to secure your organization today!

Request Demo

Torstone Builds World-Class Vendor Management with Compyl

January 17, 2023
Case Study

Compyl expands services beyond compliance for Torstone by implementing a world-class vendor management program.

COMPANY

Torstone

LOCATIONS

London, New York, Singapore, and Tokyo.

EMPLOPYEES

250+

INDUSTRY

FinTech

Solution

SOC 2 Type II Vendor Management

YEARS ON COMPYL

Over 3 years

INTEGRATION

Compyl integrations connect to Torstone's tech stack to automate the evidence-gathering process.

FASTER AUDIT

Compyl has reduced audit times by 80% by centralizing all evidence into a single location.

SCALABLE PROGRAM

Compyl's platform allows Tostones to adopt new requirements across multiple regions quickly.

As our company has scaled up globally Compyl has supported our information security capabilities in jurisdictions around the world, giving us confidence in meeting our compliance and regulatory requirements and helping us achieve full ISO and SOC certifications.
logo
Mack Gill
COO

The Overview

Torstone Technology, a leading global SaaS platform for post-trade securities and derivatives processing, has been using Compyl for several years now, focusing on automating its SOC2 and ISO27001 compliance program. With offices in London, New York, Singapore, and Tokyo, Torstone saw the need for a more robust and centralized vendor management program that limits manual effort, establishes a comprehensive process across all departments involved, and ensures that suppliers are within the company’s risk acceptance level. 

The Challenge

From a compliance perspective, Torstone’s vendor management program has been what’s required of them; however, as they matured over time, the company realized that less manual effort can increase productivity, limit costs and limit the risk exposure to today’s changing supply chain risk landscape. Vendor due diligence requirements were not as straightforward or defined; hence a risk-based approach was needed to limit risk and increase visibility.

The Solution

The Compyl platform had already been implemented for Torstone, which helped them to reduce their audit time by 80%; however, additional functionality was needed to improve their vendor risk profile. Therefore the Vendor Management module was added to Torstone’s Compyl instance. Compyl has improved the vendor risk management program for Torstone over two months which included:

  • Compyl’s unique and semi-automated policy generator allowed for quick vendor risk management policy development and implementation.
  • A vendor register was established that holds necessary information, including but not limited to vendor profile, risk rating, current and previous assessments, contracts, supporting documentation, and additional information, custom to Torstone’s needs.
  • Torstone, with the help of Compyl’s information security experts, has built unique security assessments via the tool’s assessment builder. This allowed Torstone to design and create an unlimited number of custom assessments based on best practice frameworks, standards, risk acceptance levels, and recent security breaches. 
  • Through a unique integration with JIRA and Slack, vendor managers are always up to date with any upcoming assessments or contract expiry/renewal.
  • Compyl’s customer success team trained vendor managers on the new policy and how to use the tool to comply with the new requirements.

Compyl has enabled Torstone to streamline its supply chain risk management program and allowed a more comprehensive view of suppliers. A complete understanding of security posture, privacy compliance, type of access, and data processed by suppliers is now established and maintained through automation. Request a demo to learn more about what we can do for you.

G2 Summer 2024 Reports are out, and our users love Compyl!

Related Posts

The Modern Integrated GRC Platform

LinkedinTwitterYoutube
Overview
Products
Resources
Frameworks
Solutions
Company
Privacy & Terms
© InfoSecToolkit Inc 2024
By clicking “Accept”, you agree to the use of cookies on your device in accordance with our Privacy and Cookie policies
Accept