Compliance is a great way to prove to others that your business has sound cybersecurity measures in place. Security and compliance are not the same thing; however, compliance provides evidence of security.
Don't know where to start?
There are several types of compliance audits, a common one being System and Organization Controls (SOC). These audits demonstrate that an organization is committed to providing the best levels of security and service.
At Trava, we work closely with SaaS companies that are selling to enterprise businesses that require this proof of security measures. And we had the privilege of helping two of our fellow Indy-tech companies, Encamp and Casted do just that. Take a read at how we guided Encamp and Casted through the SOC 2 certification process.
What is SOC 2?
Every company has a set of policies to be audited on which says that there are measures in place for technology, operational and business functions. SOC 2 compliance proves that there are existing and effective security measures in place at a company. SOC 2 has 5 criteria: security, availability, processing integrity, confidentiality and privacy.
Trava helps our customers primarily with the security criteria.
Why SOC 2 Matters
Many enterprise companies see SOC 2 compliance as a prerequisite for SaaS businesses. These clients request to specifically work with SOC2 certified businesses which happened in both Encamp and Casted’s situations.
How Trava Guides SOC 2 Audits
Trava has an experienced team to help guide our customers through this auditing process. Each audit journey looks different as cybersecurity isn’t one size fits all, but the services Trava offers are always consistently top-notch.
Trava guides customers through the SOC 2 auditing process through vCISO hours and a partnership with different compliance platforms. We give our best advice and feedback as experts that have been through this process many times. We also recommend the appropriate tools and software to ensure operational items are secure.
“Just because you have a lot of tools, doesn’t mean you’re going to be secure.”
After gathering all of the evidence needed for the audit, Trava team members do an internal audit before submitting for an official audit. This can be viewed as a mock audit as everything is gone over. We also make sure only the needed information is shared. The mock audit also involves reading through the company’s policies to make sure everything is up to date.
Trava is honored to help Encamp and Casted secure their SOC 2 certifications. Learn more about their journeys with Trava’s compliance assistance.
Encamp’s SOC 2 Journey
Trava assisted Encamp in a longer process, as they were audited for SOC 2 Type 1 and a Type 2. The Type 1 auditing process evaluates the blueprint of security processes at a specific point in time.
During the Type 1 process, Encamp realized that they needed an internal person to help with coordinating their internal security protocols. They ended up forming and hiring a DevSecOps position to add more bandwidth to take on cybersecurity and compliance work.
Once Encamp was set with SOC 2 Type 1, the next step was to get the Type 2 testing underway. Type 2 tested everything that was set up during the Type 1 phase for six months.
We are thrilled that Encamp is now SOC 2 Type 1 and Type 2 audited and certified!
“Achieving our SOC 2 compliance not only assures current and prospective customers of our commitment to protecting their data, but it also improves our employee’s vigilance and reduces the risk of a security event or data breach. Trava expeditiously took the lead on Encamp’s SOC 2 undertaking and provided a vast range of services and support to our security team. Trava’s role was, and still is, crucial to the success of our SOC 2 compliance.”
Casted’s SOC 2 Journey
Trava also directed Casted through the SOC 2 Type 1 process. This started in the Fall of 2021 which led Casted to being certified Spring of 2022.
Casted continued to have requests for security questionnaires which became time consuming for their team to complete. Once Trava heard about the questionnaires, our team suggested they start their SOC 2 Type 2 journey as help to help prove they have security measures in place. Being approved by an auditor for SOC 2 will allow for Casted to send the SOC 2 report and have fewer questions to answer from a potential customer’s questionnaire.
We can’t wait to stay on this track with Casted!
“When it came time for our SOC audits, Trava was there with us every step of the way. From determining and building our controls to collecting evidence, to clarifying evidence with our auditors.”
Let Trava help you
Looking for guidance along your security journey? Schedule a meeting with a Trava team member today!