Skip to the main content.
Watch Demo Meet With Our Team
Facebook Instagram Linkedin X YouTube
Case Study

Rogue Credit Union: How Evidence-Based Compliance Eliminated the Exam-Time Scramble

Rogue Credit Union, a $4+ billion institution in the Pacific Northwest, transformed their approach to compliance and exam preparation through continuous compliance with Rivial. What once required multiple team members working over 40 hours each—plus shutting down parts of the IT department—now takes just 60 man hours total. In their 2025 NCUA exam, the information security team was the first in the organization to have documentation ready, submitting over 4,000 pages of reviewed, organized evidence. For David Armstrong, AVP and Information Security Officer, the platform has been "life changing."

David Armstrong, AVP Information Security Officer

Impacts & Highlights:e

Financial Services (Credit Unions)

Pacific Northwest

$4+ billion
Rivial Continuous Compliance, Risk Assessment, and IT Audit

About Rogue Credit Union

Rogue Credit Union is a growing institution with over $4 billion in assets. David Armstrong serves as AVP and Information Security Officer, overseeing the information security program and managing two analysts. He's been with Rogue for five years—first as an analyst experiencing the pain points firsthand, then for over three years leading the program.

The Challenge: Painful Evidence Collection and Exam Scrambles

Before Rivial, Armstrong was one of the analysts dealing with the daily frustrations of compliance management.

Key Pain Points

  • Painful Evidence Collection: Gathering and maintaining documentation for ongoing compliance was time-consuming and frustrating
  • Stakeholder Friction: Previous solutions made it difficult to get stakeholders involved—they'd send emails and analysts had to upload everything manually
  • Reporting Challenges: Getting useful reports out of the previous platform was painful
  • Exam Scrambles: When exam time came, IT slowed down because teams had to scramble for documentation
  • Multiple Frameworks: Managing NIST CSF, PCI, and other frameworks without a unifying approach

It was just really painful before we moved into the Rivial platform. Compliance is complex—there's a lot of things involved and each individual document is important."

The first year when I was an analyst, I know I spent more than 40 hours, my boss spent more than 40 hours, our other analyst spent more than 40 hours, and we practically shut down two parts of the IT team because they had to find documentation."

 Trust Built Through Partnership

Rogue didn't find Rivial by searching for a compliance platform—they found a trusted partner first.

Why Rogue Credit Union Chose Rivial

Established Trust

Rivial was already a trusted partner for risk assessments and IT audits

Proven Track Record

If they could trust Rivial with audits, they could trust them with other tools

Early Adopter Opportunity

Rogue was one of the first to engage with continuous compliance in the platform

Streamlined Stakeholder

Experience: Stakeholders can directly apply evidence instead of emailing analysts

Trust is super important. If I can trust them with our risk assessment and IT audit, we can work out trusting them with other tools."

I strongly believe I need to trust my partners. If I can't trust my partners, I can't continue to do business."

Easy Implementation with Flexibility

As early adopters, Rogue found the platform intuitive and adaptable—default evidences could easily be duplicated and reassigned to fit their specific needs.

"When we would spin up a control framework, there'd be default evidences. Those were really good, but sometimes they didn't fit our exact niche. We could just duplicate the evidence and reassign really quickly."

Key Benefits

The transformation in exam preparation has been dramatic and measurable.

  • 60 Man Hours Total: Down from 120+ hours across multiple team members
  • First Team Ready: Information security was the first team in the organization with documentation complete
  • 4,000+ Pages Submitted: All reviewed, organized, and ready
  • Time to Review: Actually had time to evaluate all documentation before submission
  • 80% Overlap: Evidence already in the platform matched 80% of examiner requests

"In 2025, we measured it. It was about 60 man hours to export data, compile the list, get it all linked up and send it out. With three people, we did it in about a week."

"We were the first team in the org to have our documentation ready. We actually had time to review all of the documentation."

One of the most significant organizational impacts is that IT no longer slows down during exams.

  • No More Scrambles: Evidence is already collected through continuous compliance
  • IT Keeps Working: Teams can focus on projects that help members and employees
  • Less Chasing: No more hounding stakeholders for documentation

"It used to be when exam time came around, IT slowed down. IT doesn't slow down anymore."

"We're able to continue to let the IT teams work on the things that help our members and help our employees."

The quality of evidence submitted to examiners has improved dramatically.

  • Know What You're Sending: Continuous compliance means you know exactly what evidence looks like
  • Less Guessing: No gotchas when examiners ask hard questions
  • Confidence in Answers: You've had time to review everything before submission

When you sit down with an examiner and they're asking hard questions, you know exactly what they're looking at, and you've had time to review it. Instead of the mad scramble where maybe you skimmed over a document and missed a few things."

Managing multiple frameworks—NIST CSF 2.0, PCI 4.0, Federal Reserve SSRAP—became manageable through a single approach.

  • One Evidence, Multiple Frameworks: Evidence is the unifying element across all compliance requirements
  • 80% Already There: When new frameworks emerge, most evidence already exists in the platform
  • Not Just Checkboxes: Actual evidence proves control compliance, not just attestations

"It was in a conversation with Randy Lindberg and he goes, 'It's evidence. Evidence is the thing that unites the frameworks.' And I went, yep, that's it."

"When the SSRAP came up, I looked at the document and said, we have 80% of this data sitting in Rivial right now. Not only do I know it's there, I have evidence that it's there."

Quantified Risk for Executive Buy-In

While Armstrong lives in compliance daily, the risk assessment module has proven invaluable for leadership communication—quantified values help prioritize and make board decisions almost a no-brainer.

"If you can say, I have residual risk of this dollar amount, and I have a tool I can spend $50,000 on that will reduce risk this much—the board can make that decision. It becomes almost a no-brainer."

The Value of Partnership

For Armstrong, Rivial is more than a vendor—they're a trusted partner focused on the same goal: making the security program the best it can be.

Rivial is a place I can trust that will help improve us and challenge us. I regularly say, come at us as hard as you can. Go through my stuff because I want to do better."

Compliance is one of the ways we stay secure. But security is my outcome. That's where I want to be."

Looking Ahead

Rogue Credit Union continues to mature their continuous compliance approach, logging into the platform three to five times per week. Their philosophy: do the little things consistently, and the big things work out.

"If I can take a behavior and do it in small ways regularly, it's not so bad when we get to the time period when it counts."

Conclusion

For credit unions seeking to transform their compliance and exam preparation, Rogue Credit Union's experience demonstrates the power of continuous compliance. Through:

  • Exam prep reduced from 120+ hours to 60 hours
  • First team ready with 4,000+ pages of reviewed documentation
  • IT teams that stay productive during exam season
  • Evidence that unites multiple frameworks
  • Quantified risk for easy executive decisions

Rivial has helped Rogue Credit Union build a sustainable, evidence-based approach that makes compliance a daily practice rather than an annual scramble.

As Armstrong summarized: "Life changing. That was totally a game changer."

You'll never look back

Rivial's Revolutionary platform will transform your CISO life.

Schedule A Demo