North & Anecdotes

The Best of Both Worlds: How Platform Integration Streamlined North's 11 PCI Audits

We decided on Anecdotes because of the sheer number of integrations that were out of the box. Plus, I liked the interface. All we have to do is set the framework ready for audit, and then set the controls and those are automatically synced over to CompliancePoint. They get the evidence. They can look at it from their system. It's really a seamless setup.

Scott Richardson, Head of IT Risk, Governance, and Compliance, North

Challenge 

Managing Complexity at Scale: North manages 11 PCI DSS audits each year across multiple business entities, with CompliancePoint conducting the audits using Fieldguide as its audit management platform. In the traditional process, CompliancePoint’s auditors would request evidence, and North’s GRC team would manually upload it to Fieldguide and wait for feedback. Doing this repeatedly across all 11 audits created a major bottleneck and quickly became unsustainable, taking time away from more strategic security and compliance work.

Solution

  • Automated Evidence Collection: North implemented Anecdotes and configured 35+ out-of-the-box integrations to automatically collect evidence across all 11 entities.
  • Direct Platform Integration: With the native Anecdotes–Fieldguide integration, controls and evidence sync automatically to CompliancePoint’s audit platform, eliminating the need for manual uploads.
  • Scalable Control Framework: North built a structured control classification model in Anecdotes to eliminate redundant work across audits.

Results 

  • Zero Manual Evidence Uploads: Evidence now syncs automatically from Anecdotes to Fieldguide – no manual collection, no duplicate uploads, and no evidence request emails.
  • Streamlined Audit Cycles Across 11 Audits: The integration removed operational bottlenecks and created seamless, repeatable audit workflows at scale.
  • Centralized Compliance Visibility: Anecdotes became a single source of truth for evidence and control status, giving North clearer insight into compliance across its enterprise security program.

"I really don't like check-the-box compliance. I'm trying to make Anecdotes not just a place to look for evidence but a place where you can see how compliant we are with our entire security program. It's about our enterprise security program as a whole."

Scott Richardson, Head of IT Risk, Governance, and Compliance, North

Client Bio

NYSE Ticker:
Industry:
FinTech & Payments
Employees:
1300+
HQ:
Michigan, USA

North is a leading financial technology company building innovative, frictionless, end-to-end payment solutions for businesses of all sizes and industry types. North’s superior solutions span the entire payment ecosystem, from development to partnerships that expand the landscape, creating a flexible universe that supports growth and scale for small businesses and merchants, as well as larger enterprises with over $100 billion per year in electronic transaction volume.