Sport Alliance, a Hamburg-based provider of gym and membership management software solutions to over 10,000 gym and fitness facilities, needed a compliance approach that could keep up with a growing, globally distributed workforce, hundreds of endpoints, and customers expecting strong security guarantees.
By partnering with Scytale, Sport Alliance replaced fragmented manual processes with guided AI workflows – gaining real-time visibility across 500+ endpoints, structured risk and vendor management, and a multi-framework foundation built to grow with the business.
Alexander Groth, IT Compliance Lead at Sport Alliance
“ISO 27001 is about continuous improvement of resilience. With Scytale, we live it in a structured way – guided through every control, with minimal work required from our team. A real gain.”
Before Scytale, Sport Alliance was running compliance through a previous GRC tool, with Confluence pages and Google Workspace documents filling the gaps – a setup that worked early on but couldn’t keep pace as the company grew across countries and hybrid working arrangements.
“Versioning was unclear, distribution was unclear, and actually finding evidence that everyone had read the policies was really difficult to maintain,” explains Alexander Groth, IT Compliance Lead. “Not forgetting any controls was also a challenge.”
For a company being asked by customers and equity stakeholders to demonstrate its security posture, the manual approach had hit a wall.
After evaluating multiple GRC platforms, Sport Alliance made the switch from its previous GRC tool to Scytale for one reason: Scytale pairs guided agentic compliance with on-demand human expertise – a structure that keeps teams accountable without overloading them. “The way Scytale’s AI GRC platform guides you through the controls is really effective,” Alexander notes. “It’s like having a classmate telling you what to do when you haven’t done your homework, and having consultancy attached means you can always ask the questions you’re unsure about, which speeds things up a lot.”
Scytale centralizes Sport Alliance’s scaling GRC program, integrates with their tech stack to surface gaps automatically, and gives the team a single, structured place to manage policies, risk, and vendors.
Within weeks of going live, Scytale delivered an unexpected early win – visibility into security gaps the team didn’t know existed.
“Scytale’s integrations were an eye-opener for our environment – they show you where you’re lacking. We found endpoints we didn’t even know weren’t being protected. The transparency that the integrations give us is really helpful.”
The most important outcome isn’t a single metric – it’s a fundamental shift in how compliance gets done at Sport Alliance:
The result is a scalable compliance model that grows with the global business without growing the overhead.
“Having an ISO 27001 certificate on hand really helps when dealing with our customers. It gives confidence to management, the entire organization, and our equity stakeholders that we’ve done our homework and have processes in place to continuously increase our resilience.”