Trava's integrated solution helped Encamp accelerate sales to enterprise customers.
About Encamp
Encamp simplifies environmental, health, and safety (EHS)compliance for organizations that are subject to state and federal regulations by making it easy to manage EHS documents, deadlines, permits, and tasks in one, modern platform. From keeping up with deadlines to coordinating different teams across multiple facilities, Encamp helps EHS managers deliver consistent processes and first-rate compliance programs.
Opportunity
Encamp was bidding to land their first enterprise customer contract. As part of their vendor review process, the potential customer requested a cyber risk analysis of Encamp’s digital environment, as well as a cyber risk management plan to demonstrate a specific level of cyber maturity and ongoing commitment to appropriate cybersecurity controls.The problem was that Encamp had neither a formal cyber risk assessment methodology nor a risk management program in place, and they lacked the time and internal resources to develop them on their own.Without an in-depth cyber risk assessment and analysis, followed by development, documentation, and implementation of a structured cyber risk management program, Encamp was likely to lose the contract. They needed help from an outside expert—and fast.
Approach
First, the team used Trava’s automated vulnerability assessment tool to run external, certificate, web app, cloud, and dark web scans. Next, Trava’s virtual chief information security officer (vCISO)consultants guided Encamp through a Baseline Cyber Risk Assessment to gain a comprehensive view of Encamp’s vulnerabilities, digital information security, and cyber hygiene. Using a proprietary survey based on the NIST cybersecurity framework (CSF), Trava uncovered some key risk management gaps, including vulnerability management, infrastructure and application security, and end-user awareness training.
Then, based on all of the scan and assessment results, the vCISO team prepared a detailed cyber risk report and prioritized action plan to satisfy the potential customer’s security program requirements. Deliverables included:
- Vulnerability assessment report and training – including recommendations for how to address each of 40 initial findings from the potential customer’s vendor review
- Secure software development lifecycle (SDLC)
- Security risk management program
Finally, with an understanding of existing risks, as well as a documented plan for how to mitigate and/or transfer those risks, the Trava team worked withEncamp to begin implementing their new cyber risk management program, starting with access to Trava’s automated assessment platform for ongoing vulnerability scanning and management.
Outcome
Encamp needed a fast turnaround to adhere to the review process timeline—about half as much lead time as Trava would typically require for a project with this scope and depth. But when your primary core value is ensuring your customers succeed, putting in a little overtime to meet a deadline is an easy decision.The team worked quickly to deliver thorough assessment, analysis, and planning documentation so that Encamp could remain in the running for the enterprise contract—and they won it. Not only did Trava’s work help Encamp land their first enterprise customer, that customer represented nearly one-third of Encamp’s annual revenue that year.It was a defining moment for Encamp. Gaining the ability to sell into the enterprise market sent Encamp’s company trajectory in a new, high-growth direction. Encamp was so pleased with the outcome of the initial project that they have continued using Trava’s assessment platform and contracted Trava for ongoing vCISO services to ensure they keep their cyber risk management program in top shape.
