RegScale, a GRC software company, announced its acquisition of GovReady, an open-source compliance-as-code platform. We sat down with Greg Elin, OSCAL leader and compliance-as-code evangelist at RegScale, to discuss what the acquisition means for the market and customers.
What made RegScale the right company to acquire GovReady?
RegScale was the right company to acquire GovReady as it combines two companies that are pioneering the automation of cybersecurity compliance. As leaders in implementing NIST’s OSCAL standard for machine-readable System Security Plans (SSPs), this acquisition will only accelerate the adoption of the NIST OSCAL standard in the public and private sectors.
RegScale and GovReady have both proven themselves as effective innovators and thought leaders for automating compliance, and with our joint commitment to an API-centric and DevSecOps pipeline compatible approach providing value to both the auditor and audited, the acquisition will accelerate making compliance easier and available to organizations globally.
What are some of the core challenges that you're hoping to solve together?
For large organizations, the core challenge is accelerating the compliance process to move at the same speed as business, including modern software development and deployment. For smaller organizations who are also increasingly affected by cybersecurity requirements, we need to make the process of compliance understandable and affordable, which we plan to do by making it essentially free to get started through our Community Edition.
To support large and small organizations alike, we need to convert a traditionally paper-based process to an all digital and highly automated process that’s integrated with the DevSecOps CI/CD pipeline. We do this by using pre-built integrations and NIST’s OSCAL data exchange standard to automatically gather and collate compliance evidence from different security tools as part of the DevSecOps pipeline.
Another challenge is decreasing time-wasteful, repetitive work through utilizing reusable content and really smart questionnaires that expand the information people know into auditor-ready compliance documentation.
How does this combination of talent and resources make you unique in the market?
That’s easy, the combination of talent and resources—especially with RegScale's recent $20 million Series A funding round in August—makes us the premier organization for using OSCAL and APIs to automate compliance.
What should customers and the market expect from the new RegScale?
Through this acquisition, customers and the market can expect the best of both RegScale and GovReady—GovReady’s Compliance-as-Code, questionnaire-driven approach to generate SSPs and RegScale’s expert-driven API-centric approach—combined to deliver a market-leading NIST OSCAL-enabled, next-generation GRC platform effectively “shifting-left” compliance for organizations around the globe. Our goal is simple: to bring compliance into the modern era by making it easy and accessible through automation and collaboration.