As a Solutions Engineer for Roost.ai, Rakesh Chandran is involved in many aspects of dealing with sales prospects, including presenting Roost’s solution as well as fielding pre-sales technical questions. Many of these dealt with security. Rakesh found himself answering largely the same set of questions, over and over with each new prospect. This was consuming everyone’s time, both his own and the prospect’s, and stretching out the length of the sales process.
Roost needed to be able to prove its compliance with security norms, preemptively addressing any prospect or customer concerns about security, and SOC 2 compliance was the way to do it.
Roost selected Akitra as its compliance automation partner. Rakesh’s first challenge was to adopt a required set of policies and controls that form the heart of SOC 2 compliance. “Akitra provided us with the baseline set of policies that we needed for our compliance program, with the ability to customize them to our way of business when needed, for example with our risk assessment policy”, said Rakesh. “Also, it was particularly useful to be able to use Akitra’s employee management module to be able to track employees’ acknowledgment of company policies and confirmation of completion of required training.”
Using Akitra integrations with cloud services such as AWS and Github, Roost was then able to use the Akitra platform’s ability to automatically collect compliance evidence. As well, Roost deployed Akitra’s Shield endpoint management module for monitoring workstation security.
1. The time taken to complete SOC 2 Type 1 compliance was cut from six months to just two months, using Akitra’s automation.
2. The time savings for Rakesh are not just one-time, but ongoing. “We have now moved on to the SOC 2 Type 2 compliance process, which requires continually collecting evidence – it’s only possible to do this efficiently with a compliance automation system”, said Rakesh.
3. “Time is particularly critical for a startup, and that’s especially true in shortening the sales cycle”, Rakesh emphasized. “If a potential client asks for a SOC 2 report, we now have it. Equally important, if the client wants a specific security report, we need it right away to keep the sales process moving forward. It’s very easy to get such reports with Akitra.