Amberoon is a cloud-based fintech company in a very demanding industry, with customers who insist on rigorous compliance with frameworks such as SOC 2. Old line compliance solutions from the pre-cloud era just weren’t going to work for a SaaS company like Amberoon. The company turned to Akitra’s compliance platform for ease of use, automated monitoring and evidence gathering, and excellent support.
Amberoon’s CEO Shirish Netke said that his company, like other SaaS companies, competes in world where essentially all prospects and customers insist that their suppliers of critical services be compliant with SOC 2 and other compliance frameworks. The first effort to go through the compliance process, with a traditional approach, “was expensive, inflexible and far too onerous. It was just not at all adapted to today’s cloud-oriented, distributed-resources world which has become the norm in the post-pandemic era. We gave up on it before even completing it and looked for a better alternative”.
Amberoon evaluated several alternate solutions for compliance, with a particular focus on automation. In the end, they selected Akitra, chosen for its ease of use and speed of implementation, from audit readiness through the audit process itself.
“What was particularly good was being able to have a clear view of the whole compliance process, knowing what work had been done and what still remained to be done,” said Netke. “It was also very useful for us — and for the external auditor — to be able to draw on a single data repository for all our policies, control statements and evidence.”
A key part of the solution, Netke added, was the quality of support provided by Akitra: “They provided us with excellent, really outstanding support. It was way beyond our expectations.”
Amberoon completed the whole SOC 2 Type 1 readiness and audit process quickly and efficiently. And since Akitra Compliance was already collecting evidence automatically and continuously from the beginning, Amberoon was able to roll directly into SOC 2 Type 2 compliance readiness. Type 2 requires observation and evidence gathering over a period of several months before the audit can take place, and the company was already much of the way there from having gone through Type 1.