Inflectra is a market leader in the software test management, test automation, application lifecycle management, and enterprise portfolio management space. Its methodology-agnostic software tools are used in regulated industries where portfolio management, requirements traceability, release planning, resource management, document workflow, baselining, and enterprise risk analysis are required.

As an organization that provides services for regulated enterprise businesses, Inflectra wanted a way to better demonstrate its strong security posture. They knew that obtaining SOC 2 compliance would help meet customer requirements while providing external validation of their strong focus on security.

“We knew we had what it takes to get our SOC 2 but we needed help taking the proper steps to get it done,” says Simon Bor, CTO of Inflectra. 

Inflectra initially began their SOC 2 journey on their own but quickly became overwhelmed with the extensive pillars and rules associated with SOC 2 guidance. That’s when Bor started to search for products and services that could provide expertise to help him understand what he needed to prioritize for a successful SOC 2 audit.

“It was difficult to understand our priorities for SOC 2 and where to focus our time. We didn’t know what we didn’t know.”

Bor and his team knew they needed a platform that provided automation to save them time collecting compliance evidence across their AWS environments and internal systems.

“We had processes set up for reviewing our AWS environments but the lack of automation made the process very time-consuming and performing these reviews manually made it easy for things to fall through the cracks.”

More importantly, they needed to work with a vendor they could trust. They wanted a vendor that would act as a partner to educate them on compliance best practices and guide them through the audit process.

After evaluating his options, Bor realized an automated compliance platform was the most cost-effective solution that still provided the level of support they were looking for. 

“We had two options: either engage an audit firm that would cost $50,000+ or work with a vendor like Secureframe to help us on our journey to streamline the compliance process.”

Bor and his team engaged in a short trial with Secureframe to put the platform and the team to the test. During the trial, Bor worked closely with Secureframe’s customer success team and found them to be both responsive and knowledgeable. The team helped him understand why controls were failing, where the data did not satisfy SOC 2 requirements, and which documents to upload, without feeling like he was just being pushed through the motions. 

“Your experts helped us understand what we needed to do and where to stop based on the scope of our audit. We had access to people with a significant amount of audit experience that helped provide advice as we worked towards achieving SOC 2 compliance.”

The Secureframe team delivered a standout level of compliance and audit expertise. Bor knew this was the level of collaboration he was looking for to aid his organization in building a strong compliance program. 

The benefits of the Secureframe platform also stood out as Bor realized how he could consolidate a lot of the work he and his team were doing manually. The task that consumed most of their time was monitoring and reviewing their seven AWS regions. By connecting each AWS region to the Secureframe platform, they were able to monitor and review every region at once and eliminate the need to do each task seven different times in AWS.  

“We have seven AWS regions. Being able to consolidate our AWS environments into one platform, particularly across regions, made it easier to identify what is right and what is wrong based on the compliance requirements.”

Bor also liked how easy Secureframe’s in-platform security training was to manage. He could easily onboard and segment his team inside the platform to ensure each person was completing their ongoing training as well as other compliance tasks, including policy acceptance. 

Inflectra and Secureframe quickly built a strong relationship. The trust in the relationship extended to Secureframe’s network of third-party partners. Bor knew he could trust the pen testers and auditors recommended by Secureframe while also managing the costs associated with these partners.

“Our level of trust with Secureframe extended to third-party services and also helped us manage our costs.”

Working with Secureframe gave Inflectra the ability to streamline compliance tasks with added confidence as they went into their SOC 2 Type 1 audit. The Secureframe team provided expert guidance around SOC 2 best practices so Bor and his team knew how to evidence items and present them to auditors in an easy fashion.

“Secureframe gave us the expertise in knowing what compliance looks like and confidence in best practices to maintain a strong security posture.”

Inflectra achieved their SOC 2 Type 1 audit which has improved their sales cycle and moved deals forwarded that required SOC 2. Having their SOC 2 has also opened new opportunities for Inflectra. 

“At Inflectra, we recognize that Secureframe plays a significant role in maintaining the highest standards of security and regulatory compliance across our operations. It is often the final piece that gives our customers peace of mind and confidence in the quality of our software solutions.”

Secureframe’s automation, training, and AWS monitoring saved Bor’s team 10 hours a month so they could spend more time focusing on supporting the business’s growth. 

Ultimately, Inflectra built their confidence to get SOC 2 fast and showcase their strong security compliance posture to their customers.