January 29, 2021

ISO 27001 is manageable and not out of reach for anyone!

It’s a process made up of things you already know – and things you may already be doing.
Get your ISO 27001 Roadmap – Downloaded over 4,000 times

Last Updated on January 15, 2024

Today’s companies face more and tougher regulations driving them to meet challenging, often overlapping cybersecurity and privacy requirements. At the same time, their management, clients, prospects and partners are increasingly requesting assurance that they are in compliance and able to protect sensitive data.

To keep pace with compliance demands, organizations must move from an “occasional compliance” (“Let’s just get past this audit…”) mindset to a culture of “continuous compliance” where you can prove compliance and answer stakeholder questions on demand, anytime.

What does this shift mean for the governance, risk and compliance (GRC) software marketplace and its user base? Who will the winners and losers be in this “disrupted” space?

To discuss the emerging GRC value proposition and how organizations can leverage modern GRC tools to integrate and automate compliance, Craig Unger, Founder and CEO at GRC SaaS disruptor Hyperproofwas our guest on a recent episode of The Virtual CISO Podcast. 

“We’re very focused on the disruption that comes around with continuous compliance and the generalized concept of compliance operation,” Craig asserts. “We’re creating a platform that allows you to operate an entire compliance activity inside a company.”

Craig continues: “GRC, historically, has been broader; there’s elements of governance in there. There’s some overlap there with risk, for sure. But it’s been kind of ‘boil the ocean’ exercise for too long. So [historically] you’re trying to do a very wide range of capability for a very limited number of people. The thing we’re trying to disrupt, and where we think the industry is going, is you can’t really reduce an organization’s risk profile unless you get the best of what everybody has to offer. And the only way you’re going to get that is if you give them systems that they’re actually interested in using, that are simple to use and that work the way they work.”

Craig looks back to when he was the GM for Microsoft Dynamics CRM in 2006: “It was really just core sales teams and marketing teams that were using those CRM systems. But by the time Salesforce and Dynamics CRM came out, if you look at the percentage of people inside an organization that have access in some way to a CRM system, it’s much, much greater now. That’s exactly the way compliance is going. In five years, we’ll all have different levels of access. We’ll spend different amounts of time in there.”

“We understand that compliance isn’t what people are trying to do every day,” says Craig. “But it’s a very important thing. It’s not necessarily the focus of their job for a large set of people, though for some others it is. But everybody needs access to that tool.

“If you look at the SaaS industry generally, there’s a move to take a lot of these general-purpose concepts like collaboration and integration, and specialize them,” Craig points out. “So, it used to be, you had generalized integration vendors and now you see integration for DevOps and integration for financial or for auditors and all these different specializations happening. And that’s going to happen on collaboration, too. You need a special set of tools to collaborate for this specific use case.

“So that’s the disruption—

bringing the usage model into the 21st century and allowing us to unlock what needs to be unlocked inside our organizations,” recaps Craig. “I think we’re leading that charge right now. And, I think, slowly a wave is coming out where partners, organizations like [Pivot Point Security] but also the ones that issue opinions like the CPA firms, realize that they have to be on top of this change or they have to help guide it.” 

If you have a stake in your organization’s compliance posture, you’ll want to listen to this show featuring Craig Unger. You’ll find it here, along with the growing selection of other episodes in The Virtual CISO Podcast series

If you don’t use Apple Podcasts, you’ll find all our episodes here. 



ISO 27001 Recipe & Ingredients for Certification eBrief

ISO 27001 Recipe & Ingredients for Certification eBrief Discover what you need to achieve ISO 27001 certification! This eBrief will give you a quick and easily digestible introduction to the ISO 27001 standard and the process of becoming ISO 27001 certified.