Thornbury Capital maps controls across frameworks
How Thornbury Capital worked with us on maps controls across frameworks.
We collect evidence once now and it satisfies three frameworks. Audit season stopped being a sprint.Chloe Bianchi, Head of Financial Crime, Thornbury Capital
The challenge
Each audit meant weeks of screenshots and spreadsheet evidence, and the same control was tested separately for SOC 2, ISO 27001, and internal audit with no reuse between them.
Our approach
We connected the firm's core systems, mapped one control set across its frameworks, and automated evidence collection with provenance so a single artefact satisfied multiple requirements.
The result
Access-review exceptions became visible and were closed on cycle, and audit no longer required reconstructing who approved what.
Each audit meant weeks of screenshots and spreadsheet evidence, and the same control was tested separately for SOC 2, ISO 27001, and internal audit with no reuse between them. We connected the firm's core systems, mapped one control set across its frameworks, and automated evidence collection with provenance so a single artefact satisfied multiple requirements. Access-review exceptions became visible and were closed on cycle, and audit no longer required reconstructing who approved what.
This case study is written by the vendor and describes their own work. Outcomes have not been independently verified by RegTech Radar.