Case Study: Datto achieves 35% audit cost savings and 45-minute SOC 2 gap assessments with Reciprocity’s ZenGRC

Datto Builds Compliance Department Around ZenGRC

Datto, a global provider of cloud-based software and technology for managed service providers, faced a fragmented, spreadsheet-driven compliance program and needed a scalable way to support SOC 2, NIST, CMMC and SOX audits. In 2018 Datto turned to ZenGRC from Reciprocity to build a modern, centralized compliance and risk management program that its security team would actually use.

Reciprocity implemented ZenGRC as a single system of record with one-to-many control mapping, enabling Datto to standardize controls across frameworks, run eight SOC 2 audits annually from a common repository, and audit controls once for reuse. The result: gap assessments shrank from eight months to about 45 minutes, external audit costs dropped by 35%, and Datto gained a scalable, future-proof compliance foundation.

Datto

Christopher Henderson

Director, Information Security