Solstice Bank maps controls across frameworks
How Solstice Bank worked with us on maps controls across frameworks.
We collect evidence once now and it satisfies three frameworks. Audit season stopped being a sprint.Marcus Garcia, Head of Regulatory Affairs, Solstice Bank
The challenge
Each audit meant weeks of screenshots and spreadsheet evidence, and the same control was tested separately for SOC 2, ISO 27001, and internal audit with no reuse between them.
Our approach
We connected the firm's core systems, mapped one control set across its frameworks, and automated evidence collection with provenance so a single artefact satisfied multiple requirements.
The result
Audit evidence gathering dropped from weeks to days, and the team reused a single evidence set across three frameworks instead of testing each separately.
Each audit meant weeks of screenshots and spreadsheet evidence, and the same control was tested separately for SOC 2, ISO 27001, and internal audit with no reuse between them. We connected the firm's core systems, mapped one control set across its frameworks, and automated evidence collection with provenance so a single artefact satisfied multiple requirements. Audit evidence gathering dropped from weeks to days, and the team reused a single evidence set across three frameworks instead of testin
This case study is written by the vendor and describes their own work. Outcomes have not been independently verified by RegTech Radar.