Building Customer Credibility
Our client, a small business providing solution-centered event registration services, recognized the need to convey to their current and potential customers how seriously the company takes data security. With the lead of their director of security and compliance, our client identified the need to put better processes and procedures in place and began working toward obtaining a SOC 2 report and ISO 27001 certification.
The client recognized the many benefits of earning a SOC 2 report and ISO 27001 certification, but the main driver for the audits was to increase their credibility in the eyes of customers. “As a small business, we are always trying to make ourselves better by improving processes, building and maintaining documentation, and creating a culture of continuous improvement based on feedback when corrective action is needed,” said the director of security and compliance.
The discipline that cybersecurity assessments put in place is exactly what our client needed to push their security to the next level.
Finding the Right Fit
“Being a small business, I didn’t feel it was necessary to pay top dollar and go with one of the ‘big four’ auditing firms,” said our client. “While price is always a factor, I was really looking for a tech savvy firm that understood our needs.”
Our client chose A-LIGN as their auditing firm because of their technology background, professionalism and responsiveness. “I was attracted to A-LIGN’s company culture and agility in the marketplace,” said the director of security and compliance. “A-LIGN isn’t like other auditing firms that seem slow moving and only take in documentation and push out a letter afterward. A-LIGN acts as a true partner in the auditing process, guiding our team and providing comprehensive support.”
“A-SCEND is easy to access and even easier to use.”
Director of Security and Compliance
Earning a SOC 2 Report and ISO 27001 Certification
As soon as our client partnered with A-LIGN, they immediately started the assessment process. “Our SOC 2 assessment went smoothly as did our ISO gap analysis,” they said. “Along the way, A-LIGN was very helpful and professional as they were an excellent auditing firm and partner in the process.”
With a background in technology, our client also found a great deal of value in A-LIGN’s software tool, A‑SCEND. The director of security and compliance felt that A‑LIGN’s investment in a software tool to support the auditing process speaks volumes to their commitment to being relevant and cutting edge in a marketplace where A‑LIGN’s customers are high tech.
“A-SCEND is a real differentiator,” they said. “The tool allows me to view status, sort information, and export reports—it works really well. The A‑SCEND platform is a really important, valuable piece of A‑LIGN.” Our client was very impressed with the search feature, how the tasks appear on the board, the easy-to-read dashboard, and the ability to export data into a spreadsheet.
Changing the Mindset
The director of security and compliance’s guidance, combined with A-LIGN’s expertise, drove our client to successfully complete a SOC 2 assessment and ISO gap analysis, helping to build customer credibility. “I give A-LIGN top marks in just about everything. A-LIGN helped us to change the mindset of our company. This is the first time we’ve defined a process for incident management, service interruption and post-audit review. Defining these processes made our small business run much more efficiently and greatly aided my goal of continuous improvement,” they said.
The client appreciates that ISO 27001 has a three-year engagement window, and they are held accountable throughout this time period. This window results in the company being more disciplined in order to meet ISO requirements and has created a supporting infrastructure to uphold operational excellence.
When our client earned their SOC 2 report, their director of security and compliance understood the importance of promoting this achievement. They placed the logo on the company’s website, pushed out external announcements and provided their sales team with talking points around the report. “It’s all about credibility to our customers,” they said. “They need to know that we take data security seriously and are doing everything in our power to be sure their most valuable assets are safe with us.”