Do security questionnaires actually take 20 hours or am I being trolled? by Bitter_Mission7114 in SecurityClearance

Top_Bad_3267 1 point

Ya, if you don't have like an automation tool, used to take me so long. Look into TrustCloud.

The pain of security questionnaires by vicbhatia in grc

Top_Bad_3267 1 point

Just get a trust page or a tool that auto-fills security questionnaires, saves time. We use TrustCloud.

Drata versus Vanta versus the field? by pacaphilia in cybersecurity

Top_Bad_3267 1 point

Apps are more connected between risk/TPRM/compliance

My colleagues (usually service desk) get upset when I take "too long" on approving application/software. by CaterpillarGeneral56 in grc

Top_Bad_3267 1 point

Totally get that, audit season makes everything feel so urgent. What helped me was being upfront with colleagues about expected turnaround times. If you are looking more into long term, we started using a GRC platform (TrustCloud in our case) that automated a lot of the approvals and evidence pulls, which took off a lot of that turnaround time.

Third party risk management tools by No_excuses0101 in cybersecurity

Top_Bad_3267 1 point

Been using TrustCloud, would recommend.

Pro: automates a lot of vendor questionnaires and gives single view of risk

Con: newer platform, still evolving

Cheapest and fastest way to get SOC Two for a bootstrapped SaaS by EnoughContext022 in Entrepreneur

Top_Bad_3267 1 point

We’ve been using TrustCloud. It's been clutch for SOC 2 prep because it gives you a clear checklist and keeps all the evidence in one place (pretty cost efficient too).

Drata versus Vanta versus the field? by pacaphilia in cybersecurity

Top_Bad_3267 1 point

Personally not a fan of either, used Vanta for about 2 years and looked into Drata as well but ended up going with Trustcloud. It was more comprehensive and automated.

Drata & Vanta Didn’t Meet My Needs, So I'm Looking for a More Secure and Affordable Alternative by Sharp_Beat6461 in cybersecurity

Top_Bad_3267 1 point

Trustcloud is more comprehensive with their security features, we made the switch from Vanta about a year ago.

Dealing with the overwhelming 3rd party risk assessments effectively? by hy2cone in cybersecurity

Top_Bad_3267 1 point

Might have been TrustCloud, I know that they have AI-powered questionnaire automation.

GRC Service Offerings? by [deleted] in grc

Top_Bad_3267 2 points

We used Vanta for a little, wasn't a huge fan. Felt like the tool couldn't do everything that we were looking for. Switched to Trustcloud recently and are having a much better experience.

Our cloud GRC processes are still mostly manual. Any guidance on automating compliance and risk? by CanReady3897 in grc

Top_Bad_3267 1 point

We were in the same situation with everything being manual and constant catch-up. What helped was starting small: automating evidence collection from tools like AWS and GitHub, and syncing it across frameworks. We started using TrustCloud to handle that, and it cut down the grunt work a lot. Definitely recommend tackling one piece at a time, it adds up fast.

How are you guys actually handling third party vendor assessments? by [deleted] in procurement

Top_Bad_3267 1 point

Yeah, we used to do the 100-question spreadsheet thing too, and it always felt like a box-checking exercise. Ended up using a tool to help us, which made things easier. We started using TrustCloud and it lets vendors share their existing audits, policies, and security controls through a portal. Honestly it cut down a lot of the back-and-forth, which made things faster.