My usual use case for Scytale is for ISO 27001 compliance.

The inbuilt framework was reasonable on 27001, and the policy support was reasonable. Scytale's customizable policy framework seems acceptable.

Scytale unilaterally suspended access because in their opinion, I don't know why they did that. I'm assuming they think that we're competitive, which we're not. They sold us the system and sent a contract to us in full knowledge of what we do as a business. Compliance is a very broad word; we provide compliance into nonprofits, housing associations, markets that these guys do not serve. Somebody inside Scytale likely thought, "Oh my God, these guys must be competitive, so let's just cut them off." I'm assuming that's what happened, but there was no explanation, nothing.

Scytale did not help me streamline my compliance processes. It didn't really identify gaps. There was no gap analysis in there that we could see. I didn't really get that far to use the effectiveness of Scytale's real-time insights in identifying potential compliance issues. All my experiences with Scytale have been negative. We haven't used the automated evidence collection of Scytale. Scytale has not helped me allocate resources more efficiently for compliance; it's been the opposite experience. We have put six months of effort into looking at the controls on 27001, talking about auditors, getting audit-ready, and so forth. But we've invested significant time, which has now been a complete waste of time.

Scytale is not only unreliable, considering they can suspend access without any notice or formal reason, but this lack of stability results in serious concerns about their dependability as a partner. If they can do that without explanation, my fear is that even if they switch it on again, who's to know in three months' time that the same thing couldn't happen again?

I have been working with Scytale for about six months.

Scytale is not reliable at all; not stable. You would be unwise to put a mission-critical function like ISO 27001 on Scytale. From one to ten, I would rate the stability and reliability of Scytale as a one.

We have communicated with the technical support and customer service of Scytale. My experience with them is that the response time is very slow from Scytale. You get a ticket, and maybe a couple of days later, people might get back to you. When we asked Scytale for an explanation as to why they did what they did, there was no response—either direct LinkedIn messages out to their CEO and senior management team or in-app messages to their customer support service—just no response. I thought they'd gone out of business; that was my assumption when we couldn't access the system. Based on my experience with the technical support, I would definitely rate them a one.

We did not use a different solution for these use cases before Scytale.

Initially, I participated in the setup and deployment of Scytale, but then it was passed on to a staff member.

The processes I participated in during the setup of Scytale were straightforward; it was acceptable and fine.

We did evaluate other options and vendors before choosing Scytale; we looked at Vanta and Drata. We decided to go with Scytale over Drata or Vanta because we thought the interface was a bit nicer, and we thought that maybe they were a smaller company that we would get better support from as opposed to Vanta.

We're going to sue Scytale, and we're going to sue Amazon as well because they're technically the people we're paying.

My feedback on Scytale is that it's terrible.

Currently, it's actually useless to us. When we were using it, it was good.

We used elements of integration into our core subsystems.

We were working with it and building it up; we had spent probably about a man-month in that six months, which has now been a wasted effort.

We've had a month of a man-month of effort, and now we have to go back to square one, go to Vanta or go to Drata or one of the other competitors, and that's what we're going to do next.

Scytale unilaterally suspended access because we have a subscription through Amazon marketplace, paying monthly, and we're not direct competitors with Scytale. We provide compliance services into specific vertical markets like credit unions and financial institutions. We don't do security compliance, which is their bread and butter or their primary market.

We went back because we were using Scytale for ISO 27001 certification and had put about six months' work into it. There was no formal reason, no notice, nothing. We just tried to log in one day and couldn't, and then reached out; a junior customer service representative said, "Oh, no, it's with our legal department," and provided no explanation.

I rate this review overall as a one out of ten.