Osmos is in the business of data. The platform ingests millions of data points from hundreds of types of infrastructure and services.

Osmos knew they couldn’t close deals without compliance.

“Customers put all sorts of very sensitive data through our systems,” says Pandya.  “Every mid- to large-size customer asks you for compliance. The truth of the matter is the market demands proof of compliance, and if you don't have it, you're not going to close deals. We wouldn’t be able to continue to grow as a business.”

Despite the importance of compliance, managing the process internally was not feasible for the organization. Pandya knew it would take too long given their complex system, which has many different and evolving points of data entry.

“Just collecting an inventory of systems would take us three days of screenshots in GCP to do it, to give it to the auditor,” he says. 

So, as they set out to achieve SOC 2 Type I, Osmos began to search for the right partner. 

After being introduced to Secureframe, Pandya felt the platform’s automated approach and rapid development style had the potential to be a strong fit for their needs.

“Our larger customers have a hundred-plus SaaS systems deployed in their infrastructure,” he says. “As Osmos grows, I need to pick the tool that will talk to as many of my SaaS systems as possible. One of Secureframe’s value props was automated evidence collection. They have a clearly evidenced ability to move quickly on making more integrations, with connectors that talk to all the tools that we use. This gave me confidence and was a significant point in picking them.”

Osmos worked with Secureframe on both SOC 2 Type I and Type II. Pandya appreciated its automated platform that didn’t require daily maintenance.

“The greatest compliment I can give Secureframe, as a fast-growing startup, is that their solution works in the background. It solves the problem, and I can mentally move on.”

Secureframe offered value to Osmos beyond automation:

• A 360-degree solution: According to Pandya, Secureframe is the “the full package” that supports data gathering, project management, security training, and ongoing maintenance. 
• Advisory partner: Secureframe also gave recommendations on Osmos’ security tools: “They pointed us to a product for MDM infrastructure which turned out to be very flexible and powerful,” says Pandya. “We came out with a much better security posture.”
• Customer service: There was full investment in making Osmos’s compliance successful. "We were under time pressure for our SOC Type I and Type II, and Secureframe came into play fast and helped us get across the finish line.”

Given the immensity of his company’s data ingestion, Pandya recognizes the considerable time savings that Secureframe provided during Osmos’s compliance journey.

“We wouldn’t have gotten to SOC 2 at the point we did without the evidence collection and heavy lifting that Secureframe did for us. It would have taken another six to eight months, with one person full-time, to make it happen. If I'd done it myself, I would probably still be waiting to get compliant.”

Having Secureframe’s support allowed his team to focus on other things and continue to innovate on their own product. Pandya believes Secureframe has helped do this for the industry as a whole. 

“If Secureframe hadn't existed, our competitors, our peer startups, would also all have been struggling. An entire class of enterprise software would've been delayed multiple cycles without this class of technology.”