CASE STUDY
ÉTUDE DE CAS
ROLLER runs compliance across 35 countries and three concurrent audits—without adding headcount
Automated Compliance, Third-Party Risk Management, Trust Center, Data Privacy, Customer Commitments, SOC 2, PCI DSS, ISO 27001
.webp)
"Compliance used to be a hurdle on enterprise deals, especially overseas. Now it's the reason we can say yes to them."
TL;DR
- Challenge: Three frameworks, 35 countries, and a manual compliance process that couldn’t scale—while global enterprise deals demanded security credibility that the team couldn't yet deliver.
- Solution: ROLLER consolidated SOC 2, PCI DSS, ISO 27001, risk management, and Customer Commitments onto Vanta, replacing spreadsheets and manual reviews with a single system of record that could grow with the business.
- ROI: Compliance is now a revenue driver. The team manages hundreds of vendors and pursues enterprise accounts across global markets that it couldn't have approached two years ago, with no added headcount.
The company
Cloud-based venue management for modern attractions
ROLLER is a cloud-based software platform built for entertainment centers, parks, and attractions. Its platform covers the core operational areas venues need to run and grow, from ticketing and point-of-sale to memberships and waivers for more than 3,000 venues across 35 countries.
The challenge
Compounding complexity, manual processes—at a time when enterprise deals required more
ROLLER’s compliance program struggled to mature in lockstep with a business scaling across dozens of jurisdictions and increasingly complex enterprise customer requirements.
For example, as transaction volume grew, PCI DSS scope jumped from roughly 40 controls to 232. ROLLER also increasingly found that prospective enterprise customers wanted to see security credibility that the team couldn’t yet deliver.
What ROLLER tried first: Policies lived in Confluence, evidence came in as screenshots, and every vendor review landed on one person— entirely manual, with no way to distribute the load. Much of that evidence still lived in spreadsheets outside their core tools.
ROLLER's pivot point: An IDP integration surfaced hundreds of applications in active use against just 125 formally tracked. Roughly 96% of the vendor surface area had no risk assessment, no ownership, and no hygiene process. At the same time, enterprise prospects were demanding custom MSAs, jurisdictional data commitments, and SLA tracking that ROLLER had no system of record to absorb.
Why ROLLER chose Vanta: The team needed multi-framework scoping, automated vendor risk at scale, and compliance that could actually support enterprise deals. ROLLER chose Vanta for its integration depth with its existing stack—Wiz, Jira Service Management, Salesforce, Rootly, and its IDP—and for framework scoping that could apply distinct evidence, scope, and SLAs per framework without duplicating work.
{{quote-2}}
The Vanta impact
Scaling security without scaling headcount
ROLLER now runs three concurrent audits, manages a 3,100+ application vendor surface area, and tracks enterprise customer commitments across 35 countries—all with a 3-person team.
Here's how ROLLER deployed Vanta:
Compliance has shifted from a growth constraint to a competitive differentiator, and the infrastructure is in place to absorb new frameworks and enterprise requirements as the business scales.
.webp)