For Sprout Social, a leading provider of social media brand management solutions, the need to efficiently manage regulatory and compliance requirements in a way that integrated with the diverse application estate, became increasingly crucial as the company grew.

Sprout Social’s GRC team was handling access reviews manually, using a ticketing system that created cumbersome workflows and awkward timing in notifications. With increasing pressure to maintain strict compliance with Sarbanes-Oxley (SOX) and SOC 2 requirements, Sprout needed a more streamlined process.

The Sprout team had an extensive set of goals for this project:

• Free up time for the GRC team and access reviewers: The manual process for conducting user access reviews was time-consuming — and an extra task for app owners that pulled them away from their day-to-day duties.
• Support a growing scope of tools: As Sprout Social continued to grow, the number of tools that required regular review for compliance purposes expanded as well. They required a solution to support a broader range of applications and integrate with the existing tech stack.
• Improve communication processes for reviewers: Sprout’s previous ticketing system-based process often created confusing or misaligned notification issues leading to duplicated work and making it harder to track and manage access review tasks effectively.

‍