“We were going to get asked over and over again to jump through all of the security hoops to prove that it was a secure product.”

Optify, a coaching solutions provider that created an online coaching platform, was quickly learning that potential customers, both private coaches and large organizations, wanted proof that Optify’s online platform was keeping their data secure. 

The biggest headache for the team was that each security questionnaire was different, so copy-and-pasting answers was not possible. They are also a small team, so the countless hours spent filling out security questionnaires was a major burden and slowing growth.

“I talked to consultants who would help prepare us for an audit and it just seemed overwhelmingly expensive. I was getting quotes of $30,000 to $40,000 to get us ready.”

One way to build rapid trust in their platform was to obtain compliance with industry standards such as SOC 2. 

Optify decided to get SOC 2 compliant to streamline the security questions. By sending the SOC 2 report when security questions came up, it put the onus back on the prospect to go through and see if they have any questions beyond what's in the audit report.

However, hiring a consultant to prepare for the audit was not only expensive, there was no visibility into the audit process and what was actually being done by the consultants.

“During the initial conversations, just seeing the software that [Secureframe provides] made me confident that it was a finite process and the process would be really clear.”

Pam, Optify’s CEO and founder, learned about Secureframe through a personal connection and quickly realized that the concerns she had with using a consultant would be eased by Secureframe’s platform, which made all of the steps to get SOC 2 compliant clear. 

The expertise provided by Secureframe’s dedicated compliance and customer success teams also gave Pam confidence that they could make it through the process and receive their SOC 2 audit report.

Secureframe also provided a list of preferred auditors, which Pam appreciated as it meant they did not have to spend too much time doing research and finding an auditor on their own.

“We were setting our own internal milestones and working at the pace that worked for us.”

Optify was able to get audit-ready in a timeframe that worked for them. Secureframe’s support team was on call over Slack to answer any questions and had regularly scheduled check-ins to keep the company on track. 

With Secureframe’s deep expertise, support, and guidance, Optify received their SOC 2 report at the pace they wanted.  

“If we didn't have Secureframe, how would we have gotten there… I'm not even sure.”

Receiving a SOC 2 report is a long process that requires diligent and consistent work. With Secureframe’s help, both from the technology and customer support side, Optify stayed on track to get SOC 2 ready, go through the audit, and receive their report. 

Having the report has unlocked many large deals for Optify. In one instance, an organization that wouldn’t purchase from them a year prior now wants to partner with Optify on a large contract now that they have their SOC 2 report.

“Because of the audit readiness process I just feel prepared. I feel competent to respond to questions.” 

Answering a few technical questions on a call or in a meeting can go a long way to proving an organization takes security and compliance seriously. 

After going through the audit process, Pam and her team went into a customer’s technical review of Optify’s security posture and were able to reduce the meeting to five minutes by mentioning they were getting their SOC 2 report and confidently answering a few questions.

“Along the way it made us a more secure and better functioning organization”

Finally, going through the audit readiness process made Optify a better functioning organization. The SOC 2 audit process is meant to ensure an organization is following the best practices when it comes to security compliance and, for Optify, it highlighted areas where they could be more secure. 

Now, with their SOC 2 report in hand and Secureframe continuously monitoring their state of compliance for the future, Optify can focus on growing their business.