Scrut Automation, a provider of a cloud-based Governance, Risk, and Compliance (GRC) platform, has announced securing $10 million in fresh funding. This growth capital round comes from existing investors Lightspeed, MassMutual Ventures, and Endiya Partners, bringing the company’s total venture funding to $20.5 million since its inception in 2021.
The funds will be directed towards enhancing Scrut’s platform capabilities, integrating generative AI functionalities to streamline risk and compliance tasks, and expanding operations across North America and Europe.
A few months back we did a feature on “the importance of risk management in collective investment trusts.” You can give it a read as well.
How is Scrut Automation addressing challenges in mid-market GRC
US-based Scrut Automation was specifically designed to cater to the unique risk and compliance needs of fast-growing technology companies in highly regulated industries. These businesses often face stringent compliance requirements from regulatory bodies and industry groups, coupled with pressure to manage risks effectively.
However, limited budgets and understaffed teams can hinder their efforts. The situation is further complicated by a rapidly evolving threat landscape driven by factors such as the adoption of generative AI, workforce reductions in cybersecurity teams, and the widening cybersecurity skills gap.
“Mid-market companies are presented with limited options,” explains Aayush Ghosh Choudhury, Scrut Automation’s Co-founder and CEO. “They can either opt for generic, off-the-shelf compliance automation tools that don’t consider an organisation’s specific needs, or invest in expensive enterprise-grade solutions with lengthy implementation times and underutilised features.”
Tailored GRC programs and automation
Scrut Automation offers a compelling alternative, enabling mid-market companies to build scalable GRC programs that align with their specific goals, risks, and resource constraints. The platform helps businesses consolidate compliance and risk management processes while contextualising risks, eliminating duplication of efforts, and automating control monitoring.
“A key differentiator for Scrut is the exceptional level of flexibility it offers in creating GRC programs that seamlessly adapt to individual customer environments,” says Choudhury. “For instance, a healthcare services company will have vastly different compliance frameworks, regulations, and risks compared to a financial services company focused on lending. Scrut accounts for these nuances, and the platform adapts accordingly. Additionally, Scrut has built industry-specific expertise into the platform for regulated sectors like healthcare, financial services, and enterprise software, offering a combination of automation and domain knowledge.”
Deep automation and real-time visibility
Scrut’s platform merges this adaptability with advanced automation capabilities and a proprietary unifying control framework. By integrating with over 75 third-party products, Scrut automates a significant portion of control testing, reducing the manual effort required for chasing control owners and collecting evidence. This empowers GRC teams to gain near real-time visibility into their risk and compliance posture, allowing for swift corrective actions when necessary. The unifying control framework connects an organisation’s controls to compliance requirements, eliminating the need for repetitive efforts in demonstrating adherence to various frameworks.
Customer success and future focus
Keshav Kumar, Data Protection Officer at Scrut customer VWO, highlights the platform’s benefits: “Our rapid growth necessitated expansion into new regions and industries, which significantly increased our compliance requirements. Managing compliance information across various stakeholders through emails, spreadsheets, and Slack channels was a cumbersome task. Scrut has eliminated this burden since its implementation.”
Looking ahead, Scrut aims to leverage AI to develop a first-of-its-kind GRC concierge that empowers mid-market companies to build robust risk and compliance practices with reduced reliance on human expertise.
What does investors say about Scrut
“Strong security posture has always been paramount for large enterprises globally,” comments Dev Khare, Partner at Lightspeed. “The growing number of security breaches and attacks in recent years, along with stricter compliance regulations, are prompting mid-sized enterprises to adopt robust GRC practices. Scrut’s user-friendly and leading platform simplifies this process for security and GRC teams. We are delighted to reiterate our support for the Scrut team.”
Scrut Automation’s achievements extend beyond funding. The company has received recognition from G2, a social software review platform, being featured on their 2024 lists for fastest-growing products and best security software.
Founders’ vision and industry expertise
Scrut Automation’s co-founders, Aayush Ghosh Choudhury and Jayesh Gadewar, identified the widespread challenges in meeting risk and compliance needs while building a procurement suite. Partnering with Kush Kaushik, their third co-founder with extensive experience in navigating compliance complexities, they established Scrut Automation. The company has since empowered over 800 customers worldwide to build enterprise-grade GRC programs.
Scrut has also bolstered its team with experienced industry veterans and advisors from the SaaS and cybersecurity sectors. Some notable names include Sandeep Johri (CEO, CheckMarx), Sachin Lawande (CEO, Visteon), Vetri Vellore (Ex-Corporate VP at Microsoft), Naresh Agarwal (Head of India R&D for Traceable), Davis Hake (Co-founder, Resilience), and Todd Dekkinga (CISO, Zluri).
What do we think about the startup
Scrut Automation’s latest funding round and ongoing industry recognition position the company as a key player in the evolving GRC landscape. By offering a unique blend of tailored automation, deep domain expertise, and a focus on mid-market needs, Scrut is well-positioned to empower businesses in building robust and efficient risk and compliance programs.
The company’s commitment to leveraging AI for further streamlining GRC processes positions it to be a valuable partner for mid-market companies navigating the complexities of today’s security environment.
