Transforming manual cybersecurity assessments through strategic platform optimization

“It was clear that Turnkey's mission was to empower us to be successful with what we learned, not be dependent on them to go back and need more hours.”

— Peggy Wilson, Senior Information Technology Auditor

Challenge

Texas Mutual needed to replace its cybersecurity assessment tool, which was reaching end-of-support, but were reluctant to invest in another standalone tool that might not deliver all the required functionality. They employed Turnkey to explore alternative tooling and enhance how teams  conducted their cybersecurity assessments, addressing specific challenges including:

• Achieving National Institute of Standards and Technology (NIST) compliance requirements: Meeting the standards defined by the US government’s NIST Cybersecurity Framework (CSF) assessment, including proper mapping and integration capabilities to support enhanced cybersecurity assessments. 
• Manual, fragmented processes: Assessment scoring, stakeholder planning, and questionnaire compilation relied heavily on spreadsheets and email coordination. Each assessment cycle required extensive manual data aggregation to generate insights, consuming substantial time and resources throughout the process. 
• Limited transparency: Pre-built questions and tick-box answers lacked clear mapping to regulation standards, were often redundant as they tried to blend International Organization for Standardization (ISO) and NIST frameworks, and were repetitive, causing stakeholder disengagement.
• Reporting bottlenecks: The high-level dashboard was limited to overall scores. An absence of detailed, real-time reporting capabilities meant progress couldn’t be tracked (unless done manually in Excel) and granular insights couldn’t be uncovered. A lack of historical context therefore hindered the cybersecurity maturity journey. 
• Complex stakeholder coordination: Assessment questionnaires had to be attached to emails and sent to participants spanning multiple departments. This made it difficult to track questionnaire completion and for the assessment team to follow up on outstanding items. 

Solution

When Texas Mutual approached Turnkey for guidance on their cybersecurity assessment challenges, Turnkey identified an
opportunity to leverage and expand Texas Mutual's existing Diligent  platform investment. This required process reengineering involving several Diligent modules that Texas Mutual hadn't used before and building a scalable foundation for future audit expansion into other industry regulations and assessment types. 

Turnkey’s expert team identified a solution that capitalized on a key advantage: the NIST cybersecurity framework
assessment could be integrated into Diligent, eliminating the need for a separate tool and enabling cybersecurity
assessments and NIST requirements to be directly linked within a single platform. By setting the assessment up in this
way, Texas Mutual could leverage and expand its existing investment, avoid additional software licensing costs, and
keep the complexity and risk surface of the technology landscape to a minimum.

Rather than delivering a standard implementation, Turnkey adopted a consultative approach and iterative development
process tailored to Texas Mutual's specific needs. Through detailed requirements gathering sessions and close
collaboration, Turnkey built a prototype and walked the client through line-by-line reviews before handover. This humancentered, flexible approach — complemented by weekly calls, regular touchpoints, and immediate issue resolution
during testing — facilitated trust in the enhanced solution as well as the broader platform capabilities.

End-users were supported by a series of structured training and knowledge transfer sessions, encompassing user
admin, prototype walkthrough, reporting, and bulk uploads. These sessions built rapport, encouraged active learning,
and were backed up by extensive documentation and post-training video tutorials for future reference.

Results

The successful deployment gives Texas Mutual customized workflows and questionnaire modules, mapped to specific NIST CSF 2.0 requirements and delivered directly to stakeholder inboxes. Each question is clearly tagged so that respondents  understand the context. The platform also provides the ability to submit additional evidence and selfassess through a preliminary grading system.

Automated coordination and workflow management ensure questionnaires are automatically distributed, without the need for
manual tracking or extensive email chains. Stakeholders can complete questionnaires in the platform or via email at their own pace, accommodating their preferences and reducing resistance. Email responses automatically populate in the platform for data consistency and efficiency.

Custom dashboards track questionnaire progress, control testing, and results, feeding into integrated, real-time reporting without the need for manual  logging. Information can be pulled at any time,  allowing performance trends to be tracked with upto-date data, with multiple reporting tools available for different stakeholder needs. 

Benefits

The successful implementation and ongoing management of  the enhanced Diligent assessment platform have been transformative for Texas Mutual. They now benefit from: 

• Enhanced process efficiency: A clear focus on NIST 2.0 enabled the reduction of questions in the questionnaire from 150 to 106 without compromising coverage. The elimination of multiple manual touchpoints and spreadsheet-based management through a single platform also helped reduce coordination complexity and streamline workflows from questionnaire distribution all the way to final reporting. 
• Improved visibility and insights: Custom dashboards deliver immediate visibility into assessment progress. With real-time tracking of results and performance trends, underperforming areas can now be identified more quickly. 
• Platform capability discovery: Thanks to user admin training, Texas Mutual now has a far greater understanding of different Diligent functionalities, helping them maximize their return on their existing investment. 
• Future-proofed architecture: The foundations are now in place to conduct the entire audit function within a single platform, supported by enhanced automation and reporting within Diligent, helping Texas Mutual avoid tool proliferation and unnecessary complexity in management.