Reciprocity now deploys multiple times a day, up from every six weeks.

Reciprocity Overview


Deliver new features 90X faster

Reciprocity's ZenGRC platform enables companies to track, manage, and assess information security compliance and remediate risk from one consolidated, easy-to-use, lightweight platform. Reciprocity makes an inefficient system more efficient, delivering amazing value at a reasonable price and helping businesses adapt to a changing world. The ZenGRC platform streamlines evidence collection, simplifies audits, manages vendor risk, and is a single source of truth that allows control consolidation across multiple compliance standards. As regulations become more complicated, ZenGRC is becoming a crucial tool for any information security department.

Reciprocity Timeline



World-class organizations like Alaska Airlines, Colgate, and Stanford University depend on Reciprocity's ZenGRC platform for compliance and risk management. Clients have high expectations of the product and frequently ask for new and better features. In light of this, Reciprocity’s product and engineering teams felt a sense of urgency about becoming more customer-centric in how they designed and delivered software.

Achieving this goal required two key changes. One, Reciprocity needed to release new features into production more often. In the past, it took as long as six weeks to get a feature out the door. This prolonged wait times for customers eager to get their hands on the latest functionality. Two, the company needed to take a more data-driven approach to planning, building, and iterating on new features. This entailed running experiments – e.g., A/B tests, beta tests, etc. – to better understand user sentiment and engagement.

A common denominator in Reciprocity’s struggle to ship faster and run experiments was its homegrown feature flagging system. Maintaining the in-house tool ate up considerable engineering time. Moreover, the homegrown solution failed to offer cross-team support. Product managers, for example, could not oversee flags for their own beta tests. Also, the scope of what one could do with feature flags – e.g., release features by user segment – was quite narrow.

The homegrown system was a source of pain. More to the point, it detracted from providing value to customers.



Reciprocity found in LaunchDarkly a comprehensive solution that empowered teams to ship code when they were ready, test in production, experiment with everything, reduce risk, and control releases with precision – core traits of feature management. Moreover, LaunchDarkly’s enterprise-grade infrastructure freed Reciprocity from concerns around reliability.

Release management: Giving customers what they want when they want it…safely
Managing feature flags is simple in LaunchDarkly. Engineers seized on this to continuously deploy code and test in production. With clear visibility into all its feature flags, Reciprocity can swiftly find, alter, and disable features that cause trouble.

LaunchDarkly also allows the company to use feature flags in more advanced ways. Rather than merely treat feature flags like a lamp switch, in which you hide or expose a feature for all users, engineers leverage them for targeted releases, canary launches, and phased rollouts. They can separate users into different cohorts and tie specific features to those groups. This alone marks a big step toward customer-centricity.

Now, customers that crave new functionality receive it when they want it. While those with less of an appetite for change can consume new features in smaller bites.

Experimentation: Opening the door to data-driven product development
LaunchDarkly cleared the obstacles that once kept product managers from creating a robust experimentation program. Today, gathering user feedback, measuring engagement, and running multivariate tests are now standard practice. Indeed, being able to safely test in production and release features to carefully-defined cohorts has made this a reality. Further bolstering the company’s experimentation efforts is the fact that engineers can delegate control of feature flags to product managers. Engineers get time back, product managers take charge of their own beta tests, and customers get better features. Everybody wins.

Operations: Squashing fear
Reciprocity also leans on LaunchDarkly when making large architectural changes to its platform. The fear and anxiety of deploying big code changes have all but vanished. Engineers proceed confidently with the knowledge that, should something go wrong, they can resolve the issue with a kill switch or safety valve in an instant.



Reciprocity underwent a radical transformation in six short months. Whereas before, the company shipped code every six weeks, it now deploys multiple times a day – a staggering 90X jump in speed. What's more, it has virtually eliminated risk when delivering software. With feature-hungry customers getting access to new functionality sooner, customer retention and satisfaction also have shot up.

"We had a couple of customers in particular who were about to churn," said Joe Alfaro, VP of Engineering at Reciprocity. "They were saying, ‘We needed this functionality, and we're going to go find it somewhere else because you guys don't have it.’ And we were working very, very hard with it, and we decided just to give them phase one of it \[the new features], just so they could see it. And then using LaunchDarkly, it's so easy to do that, we actually turned those accounts around. And they're still customers with us."

On another front, since baking experimentation into its workflows, the company has become much more data-driven about deciding what to build. Engineers avoid grinding away on features that yield low engagement upon release. Instead, they build stuff that users can’t live without.

**Progressive delivery: Doing what few have done**

In a nutshell, Reciprocity is delivering better software, faster. But the company achieved another feat, one that eludes many software companies and is less obvious to the naked eye: it put progressive delivery into practice. Targeted rollouts, gradual releases, feature flag delegation, constant experimentation, and other techniques that add control and safeguards to continuous delivery are hallmarks of progressive delivery. And Reciprocity has made a habit of such practices.

Progressive delivery is simply a means to an end. For Reciprocity’s team, that end was to become more customer-centric – a mark they soared well past. Indeed, they are still in flight.


Let's put it this way: we used to release once every six weeks. Now, we release multiple times a day.


Joe Alfaro

VP of Engineering, Reciprocity

Ready to Get Started?

Get started today, and talk to an expert.