Alpine IQ, a data analytics and marketing platform for cannabis retailers, had begun to engage with larger retailers in the cannabis industry as they grew. Unfortunately, these enterprise clients required SOC 2 in order to sign on as customers. Additionally, given Alpine IQ worked in the highly regulated cannabis space, they also needed to become HIPAA compliant if they wanted to do business in certain states.

Like many companies, Alpine IQ quickly learned that the process of getting SOC 2 and HIPAA compliant would take hundreds of hours of manual work, something that the Alpine IQ team did not have.

“Today we’re around 45 people and will easily double in the next year, but back when we were first thinking about becoming compliant, we were just five people. We just didn’t have the time or knowledge to get compliant and build our business at the same time.”

That’s when Nicholas began looking for outside help to guide him and his team through the process. Early on in his search, Nicholas looked at traditional audit firms like A-LIGN, but quickly realized he would be bogged down in tedious paperwork and spreadsheets if he worked with them. 

“Automation was a key requirement for us as we knew we were going to quickly scale. Onboarding over 100+ employees and maintaining compliance would be a nightmare if we had to do it through excel spreadsheets and not an automated solution like Secureframe.”

That’s when Nicholas came across Secureframe.

Nicholas was impressed with the 100+ robust integrations Secureframe provided to help automate evidence collection across Alpine IQ’s entire tech stack, as well as streamlining policy creation and onboarding for employees in one platform. It quickly became a no-brainer for Nicholas to sign on with Secureframe.

Once onboarded, Secureframe created a thorough, step-by-step list with all the required steps, documentation, and evidence Alpine IQ needed to meet SOC 2 and HIPAA requirements. Secureframe was able to simplify the policy creation process through their library of 40+ policy templates, automate evidence collection through 100+ integrations, and streamline employee onboarding and SOC 2 + HIPAA security awareness training to a single platform.

“Before Secureframe, our employees had to go through 15 different systems, and it would take days for them to get onboarded through all the different software systems. Now, Secureframe is probably 80% of it, and it takes less than a day for people to onboard. That level of automation and time savings is huge!”

Nicholas and his team appreciated the automated readiness reports that provided a live progress update on Alpine IQ’s state of compliance, as well as the support he got throughout the process.

“Onboarding and the support through the entire readiness process was great. I got answers almost immediately through the shared Slack Channel. The check-in calls helped keep us on track to our tight deadlines. And I loved having a live tap through the automated readiness reports if there were any problems across our tools.”

However, the biggest highlight for Nicholas was actually facing a security incident before their audit-window started, and feeling fully prepared to handle it because of the policies and processes Secureframe helped his team establish.

“We faced the same security incident that took down Facebook. But thanks to all the work we did with Secureframe, we were incredibly prepared. We got the whole tech team together and carried out our incident response plan, and presented it to our auditors. They said it was the best response they had ever seen anybody do. That really gave me the confidence and peace of mind that we were doing things right.”

Alpine IQ was able to get SOC 2 ready and HIPAA compliant in just a few weeks after working with Secureframe.

Alpine IQ saved hundreds of hours of manual work for their team by using Secureframe to get their SOC 2 Type I report and become HIPAA compliant in just a matter of weeks.

“Secureframe easily saved us hundreds of hours of work compared to using a traditional audit firm without sacrificing our security posture. They made the process as easy as possible.”

After achieving SOC 2 and HIPAA compliance, Alpine IQ was able to gain a significant competitive advantage in their space as one of the only vendors who is HIPAA compliant, allowing them to do business in multiple states like Maryland and Pennsylvania that required it, as well as create confidence with their enterprise customers with their SOC 2 report. 

Alpine IQ was able to close deals with 8 of the top 12 cannabis retailers, with one of them saying Alpine IQ was one of the most compliant companies they’d ever seen.

“I was on the phone with one of the largest retailers who owns a significant portion of the US market. I sent them our SOC 2 Type I report and our HIPAA readiness report, and they said we were the most buttoned up cannabis company they’ve ever seen.”

Yet most importantly, Nicholas was able to achieve peace of mind knowing that as his company goes on to get their SOC 2 Type II report and scale to hundreds of employees, Secureframe will be there to continuously monitor their state of compliance so he can focus on growing their business.

“Secureframe is probably one of our most valuable vendors. They act like a complete in-house security team. Compared to anyone else in the market, from traditional audit firms to other software companies, you’re going to save a lot more time, team resources, and money using Secureframe. I’ve already recommended it to my peers. There isn’t a better solution out there for achieving and maintaining compliance.”