CASE STUDY
How WorkJam turned GRC from a roadblock to business accelerator
Access Reviews, ISO 27001, ISO 27017, ISO 27701, SOC 2, Vendor Risk Management, Trust Center, GDPR, PCI DSS SAQ D

With Vanta’s GRC automation and continuous monitoring, WorkJam only spends an hour per week on compliance checks and verification.
Vanta’s simple VRM workflows and vendor self-service tools eliminate back-and-forth, saving WorkJam’s security team 100+ hours each year.
Vanta Trust Center showcases WorkJam’s security chops, reassuring current customers and enticing compliance-minded prospects all while differentiating their business and accelerating sales.
“The worst thing to do in security is to bowl your way into something as fast as you can. That's one guaranteed way to make mistakes. I like to have a process and procedure in place—Vanta gives us that.”
THE COMPANY
A growing digital frontline workplace software provider seeks its own digital transformation
WorkJam gives distributed organizations an all-in-one digital solution to connect, train, and manage their frontline teams.
Some of the biggest names in the hospitality, supermarket, retail, and convenience store sectors trust the Montreal-based company to transition from siloed and noncompliant tools to a comprehensive platform that integrates workforce scheduling, communications, task management, audits, earned wage access, and more.
To meet its customers’ evolving workforce orchestration needs, WorkJam’s engineering and development teams have been busy. The company released multiple new app features in a recent 12-month span. And since opening three satellite offices and adding several large clients to their roster, WorkJam has moved “beyond startup phase,” says Tony English, WorkJam’s CISO.
As WorkJam scaled, the manual, time-consuming governance, risk, and compliance (GRC) processes weren’t keeping pace with customers’ security and compliance demands. Tony and his small IT security team needed to change their approach to maintain WorkJam’s competitive edge.
THE CHALLENGE
Manual, fragmented GRC processes and an internal trust gap
Tony joined WorkJam to find a small team taking a “screenshots and spreadsheets” approach to security and compliance. Manual, point-in-time checking and verification created a significant amount of extra work. “It was a bit horrific to manage things manually,” he recalls.
Time-consuming processes and human resource constraints limited WorkJam’s security team to the bare essentials. They spent much of their time on SOC 2 audits covering WorkJam’s dozens of third-party vendors and maintaining compliance with “absolute requirements” like GDPR, ISO 27001, and ISO 27017, Tony says. They had no bandwidth to advance WorkJam’s security program to meet evolving customer needs.
Additionally, Tony and his team had no established GRC process and only a point-in-time view of WorkJam’s security infrastructure. This created a gap between WorkJam’s security team and its larger engineering and development departments. Those teams didn't have insights into WorkJam’s GRC program, leading to a lack of collaboration.
WorkJam needed a single source of truth that clearly demonstrated the value of GRC to the wider organization. Moreover, the team needed a solution that could streamline manual compliance workflows, integrate seamlessly with WorkJam’s other software tools, and enable continuous monitoring of its security posture. Legacy GRC platforms weren’t going to fit the bill: while they help security pros track and manage the time-intensive work of preparing for and executing compliance audits, they don’t reduce the manual effort involved.
“We had three people working on it constantly, and a consultant, and we couldn’t keep it operational to a level we could actually utilize it,” Tony says, referring to a legacy GRC platform he’d implemented in a previous role.
Vanta posed an exciting opportunity to streamline and grow WorkJam’s approach to GRC.
THE SOLUTION
A single source of truth that scales with the business
Tony’s team felt confident that Vanta was the right partner to help WorkJam manage its customers’ increasingly complex security requirements as Vanta could continuously evolve and scale alongside their needs. “Security isn’t stagnant. It changes constantly and the threats change constantly with it,” Tony says. “We needed a tool that could evolve as well.” Other tools felt stuck in time without a vision for the future.
The decisive difference, says Tony, was Vanta’s ease of implementation. A quick demo confirmed that WorkJam could implement and use the platform faster than competing solutions. “As soon as we turned the lights on, we were getting data inside of Vanta that we could use on that same cycle,” says Tony. “We didn't have to wait.”
Vanta also brought 375+ third-party integrations to the partnership, including identity, productivity, version control, and cloud infrastructure. “It had all the features we wanted and some we didn't know we needed,” Tony says.
Continuous GRC
WorkJam automates large portions of its compliance workflow with Vanta’s continuous GRC capabilities. With help from Vanta’s cloud integrations, the solution works in the background to uncover potential security weaknesses and alert WorkJam right away.
Vanta’s 35+ pre-built, customizable compliance frameworks also give WorkJam everything it needs to piece together a unified compliance picture to refer back to. They immediately laid the groundwork for its small but mighty security team to accelerate what they did before: develop security processes and effectively convey their impact to company leadership.
Access Reviews
WorkJam orchestrates credentials and access permissions for hundreds of employees and dozens of third-party vendors with Vanta’s Access Reviews tool. WorkJam can manage internal and external permissions in real time while spending significantly less on quarterly access reviews.
Vendor Risk Management
Third-party supply chain security is vital to WorkJam and its customers. With Vanta’s Vendor Risk Management, WorkJam can easily manage third parties and reassure customers they’ve been thoroughly checked and assessed. WorkJam uses Vendor Risk Management to manage third-party vendor review dates as well as store the information from third-party security reports and questionnaires. Tony and his team also use Vanta AI to review these reports, provide summaries, and identify any pain points related to a vendor’s security.
“Vanta reminds us when the review date has come up. It helps us with storing information,” says Tony. “We're using the new AI feature to review the reports that are sent to us from third parties. It gives us a summary of information so we can actually look at the pain points in that report.”
Trust Center
Vanta’s Trust Center is more than a public-facing security portal. For Tony and his team, the Trust Center acts as a customer relationship management asset and a sales channel.
For current WorkJam customers, the Trust Center is a comprehensive resource that allows clients to review WorkJam’s security posture. And because it’s public, it’s a beacon for potential clients seeking security-conscious workforce management partners, making it a powerful proof point for WorkJam’s sales team.
“The Trust Center has been extremely useful on our sales side,” Tony says. “We know people are interested in what we have there, and for us, that's free publicity.”
WorkJam’s Trust Center also helped the security team build trust with senior management, who were initially hesitant to go public with security information. Tony and his team eventually convinced them that transparency would set WorkJam apart from competitors—and he was right.
THE IMPACT
A dynamic GRC platform that saves time and drives growth
Two years into its GRC journey with Vanta, WorkJam’s IT security infrastructure is stronger, more proactive, and more efficient than before. WorkJam now has a platform that centralizes vendor trust and is integrated into the core of its business, driving recurring revenue.
With Vanta, Tony’s team saves weeks of work each year. Compliance checks now take about an hour a week, instead of seven to eight. Additionally, WorkJam saves about three to four hours of work per vendor annually with Vendor Risk Management. These savings translate into more time Tony and his team can focus on improving and expanding WorkJam’s security infrastructure and accommodating the evolving needs of their growing client base.
Vanta’s impact also extends to the wider organization, with WorkJam’s sales team harnessing Vanta’s Trust Center to attract and close new customers.
“Vanta has proven to be a boon to our sales and our exposure,” Tony says. “My security compliance team now plays a major role in the growth of the company.”