Introduction
Workleap, an AI-powered talent management platform, offers software designed to keep HR moving forward to boost engagement and develop top performers. As the company expanded its engineering organization and product suite, the complexity of managing systems and ensuring compliance grew significantly. One of the biggest recurring challenges was SOC 2 compliance. Each audit cycle brought with it heavy operational burdens like manual tracking, fragmented ownership, and outdated documentation. This left teams scrambling to prepare and relying on outdated tools and guesswork.
The effort to bring clarity and automation to this process was led by the Workleap platform engineering team, led by Sven Diebold. With the goal to make SOC 2 “a non-event,” Sven and his team leveraged Cortex to build a scalable, transparent, and real-time solution. With Cortex in place, Workleap shifted from reactive audit prep cycles to a state of continuous readiness. Ownership, documentation, and compliance signals are now current and visible, ensuring Workleap is always ready and that there are no surprises when auditors arrive.
"With Cortex, SOC 2 went from being a painful, high-effort process to something we could easily demo in real time to our auditors." — Sven Diebold, Manager of Platform Engineering, Workleap.
A new approach to compliance
Before Cortex, SOC 2 preparation required coordination across teams, manual processes, and multiple systems. Ownership was unclear, requirements were ambiguous and collecting evidence was slow and inaccurate.
Cortex provided a centralized solution ensuring Workleap was always ready for the auditors. Using the Catalog and Scorecards, Sven’s team created a real-time view of ownership, domain relationships, repository links, and control alignment. The team of auditors could see everything in seconds.
Sven’s team ran a proof of concept for few controls. They showed Workleap's auditors how they could view services, find owners, see Slack channels, check service user availability and access code links in one place.
"Auditors were used to clicking through multiple tools such as GitHub, Miro and Confluence. With Cortex, they had everything on one screen."
Building compliance into daily workflows
Sven’s team created a SOC 2 scorecard with automated checks for items like branch protection and infrastructure standards. This made compliance a continuous process instead of a once-a-year effort.
Workleap's Director of Security rapidly saw the value and began advocating for Cortex's use more widely across the company. Other teams started using it to track compliance in real time.
Expanding value beyond compliance
After resolving SOC 2 challenges, Workleap expanded its use of Cortex to support broader engineering priorities. Cortex became a flexible platform to drive adoption, alignment, and visibility across the organization.
Tracking OKRs with Scorecards
Directors leveraged Cortex Scorecards to define, measure, and report on engineering objectives without needing engineering support. Managers could independently set goals, define concrete engineering excellence targets and monitor progress in real time.
Monitoring AI adoption
Sven’s team used Cortex to identify where AI-generated code and prompt patterns were appearing across services. This allowed leadership to monitor adoption trends and track innovation with AI more effectively.
Improving inner source collaboration
Cortex made documentation ownership, team communication, and onboarding artifacts visible and measurable. It surfaced collaboration gaps and helped standardize how teams shared context across domains.
Accelerating service creation
With Cortex Workflows, developers could scaffold and launch new services within minutes. This eliminated manual setup steps, enforced best practices, and drastically reduced time to market.
Measurable impact
Cortex saves meaningful time for Sven's team and others:
5 minutes saved per service per Scorecard rule: replaced manual audits and subjective assessments with data-driven, real-time assessments.
1 day saved per workflow usage, per quarter: By automating service creation and standardization
Decommissioned developer surveys: Replaced by real-time metrics via Cortex, saving 100+ hours per campaign
“We used to run quarterly developer experience surveys. It took 100 hours of manager time and distracted us from working on actual issues. Cortex gives us real-time insights to act upon, no survey required.”
Recommendation for teams implementing an IDP
Sven recommends adopting a managed SaaS platform instead of building in-house. Running an internal platform means owning uptime, maintenance, upgrades, and security. Sven’s small team didn’t have the resources to constantly monitor or maintain a custom solution.
"If I told leadership we needed 2 quarters just to make sure the platform was up and running, it would have been a hard no. We didn’t have time to maintain our own platform. Cortex lets us focus on results and outcomes."
He also advises aligning Cortex with leadership priorities and measurable outcomes and starting with a high-value, high-visibility use case. SOC 2 compliance was a known pain point with clear ROI. Starting here helped build momentum and demonstrate Cortex’s impact early.
"Executives don’t ask how many users we have in Cortex. They ask what value it delivers."
Conclusion
By embedding Cortex into its engineering workflows, Workleap redefined how compliance, visibility, and engineering excellence platform maturity are achieved. What once was a recurring organizational pain point became a streamlined, data-driven process. The success with SOC 2 laid the groundwork for wider adoption across strategic initiatives, proving that a well-implemented internal developer portal can deliver measurable value and long-term impact. Cortex continues to support Workleap's mission to move faster, operate more efficiently, and scale with confidence.
"Cortex gives us the clarity and control we need to meet our goals without slowing down. It’s helped us move faster and build correctly from the start, and become an essential part of how we operate in a lot of different ways." — Sven Diebold, Manager of Platform Engineering, Workleap
