Overview
Humanforce, an Australia-founded full human capital management (HCM) suite, supports front-line businesses with their workforce management, talent, human resources, employee benefits and payroll needs. Humanforce aims to make work easier and life better. With a highly regulated Australian labor market, compliance is a core part of their business.
Services Provided
- SOC 2
- ISO/IEC 27001
Challenge
Having recently acquired new businesses, Humanforce faced the challenge of completing SOC 2 and ISO/IEC 27001 audits for four different products in its full suite. With all products already having a stance on SOC 2 and ISO/IEC 27001, it was a “natural view to bring it all together and reduce duplication when it comes to the audit work and process,” said Luke Bongiorno, Chief Product & Technology Officer. “But most importantly, we’re in the market talking about a holistic HCM suite, and we wanted to reflect that on the back end.”
When asked about the challenge of merging multiple companies, Bongiorno shared, “We went from a single product company to a multi-product company over the space of two years, and so a huge amount of change. Completing the acquisitions in a compliant way was paramount to us.”
To assist with bringing the audits together, Humanforce enlisted the CyberNinja team. Because the relationship was already established, work on the current audits began seamlessly. When it came time to find an audit partner, it was a no-brainer for Humanforce to keep using its current audit partner, Sensiba. “[Sensiba] have been great partners. We’re really happy with the service we’ve received and the work completed,” said Bongiorno.
Solution
One area where CyberNinja went above and beyond was helping with Humanforce’s compliance automation tool, Vanta.
“CyberNinja managed that for us and provided a lot of governance. We can leverage Vanta for internal and external sharing and radiate the correct information when needed. We also have a complex environment with four different technology stacks. CyberNinja guides all of these.” Whilst combining four products into each audit was a massive undertaking, Bongiorno reflected on the process, commenting that “it was the right decision. It really drove economies of scale.”
Sensiba was able to provide unity and clarity to Humanforce, which allowed them to complete SOC 2 and ISO/IEC 27001 on the intended deadlines. Their remote approach, together with the clear scope, owners, and metrics set from the start, made the whole process ‘game changing’.
Swapnil Jain, Chief Security Advisor, CyberNinja, shared his thoughts on the audit experience. “To make any security and compliance program succeed, leadership commitment is non-negotiable. At Humanforce, the CEO backed it, tech leaders owned it, and HR, Finance and Legal leaned in, so controls weren’t ‘just tech and security’s problem’. Together, CyberNinja and Sensiba turned that alignment into outcomes. Across multiple projects, our partnership has been exceptional, helping our customers achieve and sustain frameworks like ISO/IEC 27001 and SOC 2. We’re grateful to Sensiba for the collaboration. We’re proud of the progress so far and are dedicated to making next year even more successful.”
Result
Having completed its most recent SOC 2 and ISO/IEC 27001 audits, Humanforce has noticed discussions with stakeholders have become easier due to combining the four different security postures. Deal cycles and security reviews have become easier and faster as a result. Internally, Humanforce has a clearer understanding of ownership, fewer handoffs, and proactive monitoring of controls.
All this ultimately leads to a better standing in the market and a consistent story across its brand.
With SOC 2 and ISO/IEC 27001 completed, Humanforce is extending its compliance posture, having undergone an IRAP assessment for the talent part of the suite, and is looking to do this across the whole business. They are also looking into ISO/IEC 27018 and other data privacy requirements in APAC and North America.
