Meeting the client need for compliance
ENSEK, the SaaS platform behind the world’s leading energy suppliers, has secured SOC 1 and SOC 2 certification to support the growing number of enterprise customers who rely on ENSEK as the business-critical infrastructure for their energy retail business. As leading technology provider in a highly regulated market, maintaining compliance at scale is critical. Trish Sewell, Head of InfoSec, opted for SOC compliance to ensure that ENSEK has the appropriate security controls, and to provide customer’s peace of mind that information security is at the heart of everything we do.
“In the past, we earned our ISO 27001 certification and having now worked through that framework, it’s provided a solid ground to move into the SOC examinations,” said Trish.
Julian Turner, ENSEK’s Head of Business Assurance, was eager to undergo SOC examinations in order to examine their organization’s operational controls.
“The SOC 1 and SOC 2 audit would both help our team get a better handle on our operational controls and fully understand the gaps,” said Julian. “This is imperative to ENSEK’s success so going through an audit of this nature is a great spur and challenge to better developing our operational controls.”
A-SCEND was an easy tool to use, and the auditors worked with our team to ensure we pulled the right evidence.”
ENSEK ‘s Head of Information Security
Finding the right fit
When searching for an auditing firm, ENSEK was looking for seasoned professionals who fit well with their organization’s culture. A colleague who had previously worked with A-LIGN highly recommended the auditing firm and felt they would be a great fit for ENSEK.
“As a company, we value relationships,” said Trish. “When conducting our due diligence with A-LIGN, I found their team to be knowledgeable, professional and well suited to work with our internal team.” Agreeing with Trish, Julian added, “I found A-LIGN to be very mature, seriousminded, educational and well rounded.”
Between A-LIGN’s knowledgeable staff and ENSEK’s immediate ease with the team, they were confident that A-LIGN was the best auditing firm for their needs. “Ty Brush, A-LIGN’s Director of European Sales, really sealed the deal,” said Trish. “When he walked our team through the auditing process and their compliance automation platform, it made the entire process seem easy and painless.”
Earning a SOC 1 and SOC 2 report
With help from A-LIGN’s team, Trish and Julian led ENSEK through the SOC 1 and SOC 2 assessment process. “A-LIGN’s auditors took the first two weeks to really learn and understand how ENSEK operates and the nature of our business,” said Trish.
Adding to her comment, Julian noted, “Every member of the A-LIGN team was experienced, engaging, professional and helpful. We had a great working relationship with every member of the A-LIGN team but equally, they were not afraid to properly challenge our organization- it was a great balance!”
During the contracting stage, which is unique to the U.K. in terms of contract laws, A-LIGN went through the documentation carefully and helped ENSEK to correctly position the contracts. “I greatly appreciated A-LIGN’s preparation work and education throughout the audit process.” said Trish
The benefits of compliance management software
To streamline the auditing process, ENSEK used A-SCEND, A-LIGN’s audit automation and compliance software. A-SCEND saved ENSEK time by provisioning all of the requirements for the evidence. This approach for evidence collection reduced the total number of requests required from each audit by comparing common security frameworks and creating one request to address multiple criteria.
“A-SCEND was an easy tool to use, and the auditors worked with our team to ensure we pulled the right evidence,” said Trish. “Prior to A-SCEND, I used spreadsheets to organize requests, so this was a huge leap forward!”
A-SCEND streamlined the compliance process, consolidating and deduplicating efforts to save resources. Their team appreciated that the documents uploaded in A-SCEND are retained so they were able to apply the piece of evidence to multiple controls.
To learn more about how A-LIGN can help your organization through a variety of cybersecurity compliance assessments and audits, please visit www.a-lign.com/services or complete this form and an A-LIGN expert will reach out to you within 24 hours.
ENSEK’s purpose is to accelerate the digital energy transition. As the business-critical technology to the world’s leading energy suppliers, ENSEK’s cloud native SaaS platform enables radical transformation – creating lean, customer-centric and adaptive retail businesses that are empowered to play their leading role in achieving net zero. Beyond supply, the ENSEK platform aims to connect, orchestrate and optimise the billions of smart devices and assets that are key to a decentralised, digitised and decarbonised energy future.
For more information about ENSEK, please visit https://ensek.com/.