Clariti’s patch compliance report used to take hours every week. Now it takes two minutes — and arrives ready for the executive team.

The Challenge

Colin John is the IT Operations Manager at Clariti, a cloud software company serving North American government clients. In that role, security and compliance aren't nice-to-haves — they're the baseline. Unpatched endpoints mean vulnerabilities. Vulnerabilities mean risk. And for a company whose clients operate in the public sector, that risk has real consequences.

Clariti's environment adds complexity to an already demanding job. The organization runs a mixed fleet of endpoints across Windows and Mac OS, spread across multiple departments with different patching behaviors, compliance rates, and risk profiles. Tracking patch status across all of them — and translating that data into something meaningful for senior leadership — required pulling from multiple tools within Rippling and cross-referencing against individual application sources for software like Microsoft Office and Adobe.

The manual process played out the same way every week: generate a raw report from Rippling, filter by OS type and version, drill down to the department level, identify which teams and individuals were falling behind, cross-reference application-level patch data from separate sources, and assemble everything into a format that a senior leader could actually read and act on. From start to finish, it took a couple of hours — every week, without exception.

The same problem appeared in a different form during monthly access audits. When employees changed roles or left the company, tracking whether their access had been fully revoked across every connected application was a multi-day effort. With over 100 apps connected through Rippling, the odds of something slipping through were real — and the consequences of a terminated employee retaining active access were exactly the kind of compliance exposure Clariti could not afford.

The Solution

Colin used Rippling AI to generate a single, comprehensive prompt designed to replace the entire manual reporting workflow:

"Generate an executive-level patch compliance report for all endpoints. Include overall patch compliance percentage, breakdown of endpoints by compliance status, risk categorization by severity (critical, high, and medium), identification of departments and teams with the lowest compliance, and trends or patterns in patching performance over the past 90 days. Format the output to be concise and non-technical, suitable for senior leadership, and include potential business impact and recommended actions to improve compliance."

What came back was a complete executive-ready report:

• An overall compliance percentage and endpoint summary at the headline level, followed by a tabular compliance breakdown ready to paste directly into an email or slide deck. 

• Risk categorization across critical, high, and medium severity, with specific endpoint counts at each level. 

• Department-by-department breakdowns showing which teams and device types were lagging. 

• A 90-day trend analysis surfacing recurring delay patterns. 

• A prioritized top-five risk list for immediate leadership attention. 

• And a tiered action plan: immediate actions within the first week, short-term steps within two weeks, and medium-term initiatives within 30 days.

The whole thing was available in Word and table formats, downloadable, and formatted for non-technical consumption. What had taken hours of manual aggregation and formatting now took under three minutes — with the only remaining step being Colin's own review to verify accuracy.

While exploring Rippling AI further, Colin uncovered a second problem he hadn't been looking for. A user who had transitioned into a new role prompted him to query the system for a full access overview and what he found was a compliance gap hiding in plain sight. An employee who had been off-boarded from Rippling still had an active account living inside Atlassian. With over 100 connected applications, even a well-managed offboarding process can leave residual access behind through API edge cases or incomplete integrations.

Rippling AI surfaced it in a single prompt — the kind of anomaly that would have been invisible without a full manual audit, and that previously would have taken three dedicated working days each month to check for.

The Impact

For a company where security and compliance are the top operational priorities, the ability to now generate an accurate, executive-ready report on demand is a meaningful change in what's operationally possible.

Hours reduced to minutes, every week. A multi-source patch compliance report that previously took hours of manual aggregation and formatting was generated in under three minutes — structured, risk-categorized, and ready for senior leadership.

Monthly access audits, transformed. Role transition and offboarding audits that previously required three working days each month now take minutes.

Ghost access, surfaced. A terminated employee's active account in a connected application — invisible to any manual process — was identified through a single Rippling AI prompt, closing a compliance gap before it became an exposure.

Executive reporting, without the translation work. The prompt output arrives pre-formatted for non-technical leadership — risk-prioritized, action-oriented, and ready to share — eliminating the manual effort of translating raw IT data into something the executive team can act on.

For IT teams operating in high-stakes compliance environments, the difference between a tool that stores data and a tool that synthesizes it into action is the difference between hours spent in spreadsheets and time spent actually improving security posture. For Colin and Clariti, that shift is already underway.