How Basis Theory Achieved PCI Compliance With Zero Issues or Delays

Basis Theory provides secured storage, encryption and tokenization of data.

“The platform helped streamline all aspects of getting PCI compliant. Plus, we received amazing support from Secureframe’s in-house compliance experts. Getting PCI compliant was a breeze, and anyone considering PCI should definitely consider Secureframe.” - Matthew Trisoline, Senior Platform Engineer, Basis Theory

Highlights

Challenges

  • Couldn’t bring on first payments customers without achieving PCI compliance.
  • Payment and cardholder data required PCI compliance.
  • Feeling stressed by huge lift required to achieve compliance with small team.
  • Searching for the right expert to make the process as seamless as possible.

Solutions

Secureframe provided Basis Theory with:

  • Ability to achieve PCI compliance in one simple-to-use platform. 
  • Easy-to-follow checklist approach to completing PCI compliance tasks with small team.
  • End-to-end white glove service from dedicated customer success and compliance team via Shared Slack Channel and check-in calls to make the compliance process easy. 
  • Support during the audit process itself to facilitate auditor questions.

Results

  • Received PCI certification within a few months with zero issues or delays.
  • Saved hundreds of hours of engineering resources and time and did not need to bring on additional security hires.
  • Formally launched company and product, and started selling to first customers.
  • Created trust in customers and top tier investors for future growth of company.
  • Gained confidence in ability to protect payment and cardholder data in regulated industry.

Challenges

Needing PCI compliance to formally launch product to the public, but stressed about first-time process with small team

Basis Theory, a global tokenization platform, was gearing up to launch their company to the public. One of their use cases was tokenizing payment and cardholder data. However, in order to work with this data, Basis Theory had to become PCI compliant.

Unfortunately, the process to become PCI compliant can be long and complex without the right support, so Basis Theory sought out experts to make the process as seamless as possible. 

“Compliance is a big risk for any organization. There’s many steps involved. Given achieving PCI compliance was integral to us launching our product, we couldn’t afford to not get it right. Having some guidance was essential.” - Matthew Trisoline, Senior Platform Engineer, Basis Theory

The Basis Theory team looked at multiple software solutions that would make achieving compliance quick and easy. They wanted to make sure that not only would the platform help streamline most of the steps, but that they would also get the right level of support.

“I’ve been through multiple compliance frameworks before at my previous companies such as SOC 2, HIPAA, and PCI. But given this was my first time doing PCI from scratch and that I would take on the burden of helping my company get compliant, I wanted to make sure I’d get as much guidance as possible to minimize delays.”

Solutions

Secureframe’s easy-to-use platform and hands-on support from compliance experts set them apart from competitors and enabled quick and seamless PCI compliance

The CEO had demos scheduled with multiple companies. After completing the demos, the Basis Theory team felt that Secureframe’s product would help streamline the process more and help them stay better organized. Plus, Secureframe had compliance experts with previous PCI experience who would hold the team’s hand every step of the way.

“With Secureframe, I felt like the platform was really robust and that I would get the extra level of attention and customer support I was looking for. Having a dedicated resource who could provide clarifications, guidance, and feedback made sure I wouldn’t be wasting my time or my engineers’ time with unnecessary work.”

Once onboarded, Secureframe created a thorough checklist of all the required steps and documentation needed to get PCI compliant and create a more secure environment for handling payment and cardholder data. 

Plus, Secureframe provided an open channel of communication throughout the readiness phase through Shared Slack Channels and regular check-ins to help with any questions or concerns.

“Working with Secureframe’s compliance experts was great. Their expertise and knowledge really shined through. Being able to have someone to go to for any questions, get a gut check, and get a continuous feedback loop was really helpful. It made all the technical and administrative aspects of getting PCI compliant a lot simpler. I appreciated that I didn’t have to worry or think about things. I knew Secureframe’s team would be there.”

Secureframe helped get Basis Theory audit ready within just a couple of months, with zero issues or delays. But the support didn’t stop there. During the audit itself, Secureframe’s compliance team helped answer any auditor questions and advocated on behalf of the company.

“It was clear that Secureframe had a great relationship with their auditor partners. Any time our auditor had a question, Secureframe’s team was there, helped clear up any potential issues, and streamlined the entire audit process. It created a lot of peace of mind for me to know I wasn’t alone.”

With Secureframe’s deep expertise, support and guidance, Basis Theory was able to get their PCI Certification within 3 months, easily a few months faster than if Basis Theory had attempted to achieve compliance by themselves.

“We wouldn’t have become PCI compliant nearly as quickly or as efficiently without Secureframe. The team made sure we had all our ducks in a row, and we were very well-prepared going into the audit.”

Results

PCI Certification achieved with zero delays, hundreds of hours saved, and product launched to the public for first customers

Basis Theory was able to get PCI certified with zero delays or issues. Plus, Secureframe’s platform helped save the team hundreds of hours of time and resources. With the help of the platform, the team didn’t feel like they had to bring on any additional support or security hires, and could handle all of the work in-house. 

“The Secureframe platform helped tone down the need for a security analyst. It gave me and my team one place to do all of our compliance work. What was great was I was able to bring my junior engineers into the platform and they were able to easily digest everything. The ease of use easily saved us hundreds of hours of time and resources.”

Secureframe also helped Basis Theory formally launch their product to the public. Given the nature of the work they do, Basis Theory could not launch without becoming PCI compliant. The team wanted to make sure they had all the necessary controls in place to protect payment and cardholder data. With their PCI certification in hand, the team felt confident about their ability to protect data.

“We could not go live without getting PCI compliant. But the Secureframe team ensured we didn’t miss any of our deadlines. We were able to launch exactly as planned, which was a huge weight off of my shoulders.”

Finally, getting PCI compliant helped Basis Theory both increase consumer confidence and attract top tier investors.

“Given we’re a young company, having our PCI certification shows our customers that we’re serious about keeping data secure.”

With their PCI certification in hand and Secureframe continuously monitoring their state of compliance for the future, Basis Theory can focus on growing their business for the long run without worrying about falling out of compliance in the short or long term. 

“The platform helped streamline all aspects of getting PCI compliant. Plus, we received amazing support from Secureframe’s in-house compliance experts. Getting PCI compliant was a breeze, and anyone considering PCI should definitely consider Secureframe.”