Summary
To achieve rapid compliance across ISO 27001, SOC 2, and ISO 42001 while maintaining a nimble team, UK-based retail security leader Facewatch partnered with Automat-it and Vanta. This strategic collaboration replaced manual oversight with automated evidence collection and expert-led infrastructure management, resulting in record-speed certifications and significant resource efficiency.
About Facewatch
Facewatch is the UK’s leading facial recognition company providing a cloud-based facial recognition security system to safeguard businesses against crime and create a safer environment for customers and colleagues.
Facewatch is simple, secure, UK law-compliant, and proven to stop crime before it happens. The system matches faces against known offenders as they enter your premises and sends an alert instantly. The offender database is shared by geography with every Facewatch subscriber, helping to deter thieves operating in your area.
The Challenge: Navigating “Chaotic” Compliance Demands
As Facewatch scaled its AI-driven platform, the company faced the daunting task of achieving compliance across multiple rigorous frameworks: ISO 27001, SOC 2 Type 1 and 2, and the emerging AI-specific ISO 42001.
Specifically, they were looking to overcome:
- Resource Constraints: As a scale-up, Facewatch needed to remain lean and avoid the high costs of hiring an internal Governance, Risk, and Compliance (GRC) team or purchasing enterprise-heavy solutions.
- Technical Hurdles: Establishing stringent access control and managing M365 environments required expertise outside traditional software development.
- AI Regulatory Pressure: Because Facewatch operates with non-deterministic technologies (ML and GenAI), they face unique requirements regarding AI risk management, bias elimination, and accuracy calculation.
The Solution: A Strategic Compliance Trifecta
Facewatch turned to Automat-it as their trusted infrastructure partner. Automat-it then integrated Vanta, an automated trust management platform and Automat-it partner, to create a powerful ecosystem for security and compliance.
Key components of the solution included:
- AWS Landing Zone Deployment: Automat-it established a centralized AWS Landing Zone to unify access and log management across disjointed accounts—a fundamental requirement for passing security audits.
- Automated Evidence Collection: Using Vanta’s API integrations, the team continuously pulled configuration metadata from AWS to verify security controls, eliminating the need for manual screenshots.
- 24/7 Infrastructure Monitoring: Automat-it provided round-the-clock monitoring and “hot compute” support during peak retail seasons to ensure constant availability.
- AI-Powered Policy Management: Facewatch utilized Vanta’s AI agent to rapidly navigate auditor requests and leveraged customizable templates to save weeks of manual drafting time.
- Unified Cost Optimization: Automat-it simplified vendor billing and secured improved AWS discounts, allowing Facewatch to reinvest savings into further growth.
The Results: Rapid, Reliable Certifications
By partnering with Automat-it and Vanta, Facewatch successfully transformed a chaotic regulatory burden into a streamlined, automated process.
Key outcomes included:
- High-Speed Certification: Achieved ISO 27001 in just 4 months, SOC 2 Type 1 in 2 months, and SOC 2 Type 2 in 3 months.
- Unprecedented GRC Efficiency: Managed three major frameworks with a single internal resource, avoiding the need for a 4–5 person compliance team.
- AI Audit Readiness: Successfully completed the stage-one audit for the complex ISO 42001 framework, positioning themselves as a leader in responsible AI.
- Operational Excellence: Eliminated the immediate need to hire an internal DevOps engineer or Solutions Architect by leveraging Automat-it’s role-based support.
Start Your Journey with Automat-it
Accelerate your compliance and secure your cloud infrastructure. Start your journey with Automat-it and join high-growth innovators like Facewatch.