PROS Excels Through SOC 2 Cybersecurity Assessment

by: A-LIGN 5 mins

Plutoshift Earns SOC 2 Report and ISO 27001 Certification

It all started with a need for compliance

Christine Lambden, PROS’ Senior Manager, Information Security & Compliance, was always an on-trend and forward-thinking professional. Back in 2014, she knew the importance of a SOC 2 cybersecurity assessment in the market and understood the value it would bring to their customer base. 

PROS, an AI-powered solution company making it possible for companies to more accurately price, configure, and sell their products and services in an omnichannel environment, knew that cybersecurity assessments would be imperative to advance their competitive edge in the AI industry. Christine did not want to risk losing business deals due to a missing compliance certification or lack of customer trust in their security processes and procedures.   

In the AI industry where a plethora of data is constantly being consumed and analyzed, it’s important to be well equipped to fight back against cybersecurity attacks and data security breaches. One of the main objectives of a SOC 2 audit is to ensure that industry best practices and protocols are in place to help organizations protect their systems and stored data from any unauthorized access. Moreover, SOC 2 ensures that confidential information is protected using industry compliance regulations, assisting organizations in improving their information security practices. 

Christine wanted to get out ahead of PROS’ competition, ensure best practices and protocols were in place, gain customer trust and enable their sales force to win more deals.

Finding the right fit

PROS was looking for experts in the auditing industry to help guide them through the initial assessment process. Christine knew through her years of experience that PROS needed a seasoned auditor to help explain the fundamental procedures. As a respected leader, she wanted to better prepare her team for future assessments by truly understanding the ‘why’ behind each request. Understanding the reasoning ensures that PROS’ employees and internal teams fully comprehend security protocols and industry best practices. Performing a SOC 2 audit would help Christine to verify whether her staff can identify potential data risks and understand how to implement various security protocols to safeguard the information or data.

PROS conducted a full vendor comparison by putting out a call for bids and interviewed five different firms before selecting A-LIGN. Christine and her team quickly recognized the patience, expertise and years of experience that the company brought to the audit process. 

“In the interview process, A-LIGN didn’t use the time to explain why they are the best,” said Christine. “Instead, they were the only firm to teach us the ‘why’ behind SOC 2, what our team will need to do to be successful, and what to look for when deciding on an auditor. It was apparent that it’s part of A‑LIGN’s culture to ensure their customers are successful.” 

Christine knew she wanted industry experts, an educational approach to the audit, and a licensed firm with the ability to conduct multiple audits. As a result, she decided to move forward with A-LIGN for PROS’ first audit experience.

It’s part of A-LIGN’s culture to ensure their customers are successful.”

Christine Lambden

Senior Manager, Information Security & Compliance PROS

Earning a SOC 2 report

As soon as PROS partnered with A-LIGN, they immediately kicked-off the SOC 2 examination process. “Our first A-LIGN auditor had a great deal of patience,” said Christine. “He took the time to break down what we were trying to prove… through this process we greatly elevated our knowledge and understanding.” 

With Christine’s lead, PROS successfully achieved a SOC 2 report. The SOC 2 examination was a positive experience for PROS as their internal team learned a great deal about the process, reasoning behind the requests and the resources required to complete an assessment. But, Christine knew compliance doesn’t stop there and immediately began planning her next cybersecurity assessment with A-LIGN

The AI-powered company began utilizing A-SCEND, A-LIGN’s audit management platform. During the assessment process, A-SCEND helped to organize information and alleviate de-duplication efforts across multiple security frameworks.

Embracing change

Christine’s guidance combined with A-LIGN’s expertise, drove PROS to make a cultural change in the adoption of cybersecurity policies and procedures. Working with A-LIGN’s educated auditors to understand the ‘why’ behind each new security protocol made a tremendous difference in how PROS approached and adopted future assessments. 

Following the initial audit process, PROS gained the tools and skillset needed to feel more confident moving forward. “Our audits always go well with A-LIGN,” said Christine. “A-LIGN has a great team in place and a smooth process that consistently results in a successful experience.” 

Christine feels the biggest value to PROS working with A-LIGN is the continuous push to improve.  “We’ve obtained a SOC 2 attestation every year since 2014 and the auditors continue to expect more, not allowing us become complacent,” said Christine.  “Every engagement ends with the A-LIGN team walking through a list of ways we can improve for the next audit.  Whether they are recommending new controls, suggesting a change to the internal audit schedule or metrics, or teaching us a new best practice, A-LIGN is our best resource for driving continuous improvement in all of our security practices.”

PROS went from their initial SOC 2 examination to complete the following assessments with A-LIGN: SOC 1, SOC 3, ISO 27001, PCI DSS, and CSA Star. 

About PROS

PROS Holdings, Inc. (NYSE: PRO) provides AI-powered solutions that optimize selling in the digital economy. PROS solutions make it possible for companies to price, configure, and sell their products and services in an omnichannel environment with speed, precision, and consistency. PROS’ customers, who are leaders in their markets, benefit from decades of data science expertise infused into their industry solutions.