Explo became SOC 2 compliant with the help of Vanta. It is the stamp of security approval that we needed in customer conversations.
On this page:
What does security and SOC 2 compliance mean for Explo?
Explo builds customer-facing dashboards that can be embedded directly into your web application. While we don’t store or house any data, we do interact with sensitive data, and getting our SOC 2 was an important security assurance we wanted to provide for our customers.
Getting our SOC 2 increased the range of customers we can work with and made it easier to move through the security approval process with larger companies. With the SOC 2 stamp, customers understood that security was taken care of, and we could focus on what Explo does best.
How Explo got started with SOC 2
As a team, when we decided we needed a SOC 2, we assigned an individual to own the entire process and to loop in folks as needed. Initially we thought a lot of code changes would be required, but with Vanta we just needed to link up the various software tools we use, and many parts of the process were taken care of for us.
SOC 2 strategies: Partnerships, tooling, and timeline
We chose to use Vanta to help us prepare for the SOC 2 audit. Vanta is a fantastic resource that helped pull together all the evidence our auditors needed to quickly move through the audit. Vanta highlights any tests that you aren’t passing, and offers guidance on how to make fixes.
Our favorite part of Vanta was the customer support we received (shoutout Jones!). We were able to sync with an extremely knowledgeable rep who provided fantastic advice on how to quickly prepare for the audit.
Vanta introduced us to three different auditors based on our preferences. We were most focused on cost and reputability. We decided to go with Sensiba, who was the most cost-effective for the controls we were targeting — Security, Availability, and Confidentiality — and who had performed audits for data companies like Snowflake and Sigma Computing.
We onboarded with Vanta in August of 2020 and signed with Sensiba in October. We officially began our audit in mid-November, and by early January of 2021 we had achieved our SOC 2.
Pass it on: Lessons learned
Our advice to companies thinking about diving in with SOC 2: persistence is key, and get started early. Wrangling your employees to review all of the policies, perform the required trainings, and successfully onboard can be a challenge — but sticking with it pays off in the end.
Getting your SOC 2 can seem daunting and difficult, but if you put in one honest hour of work a day, you’ll get your audit in no time. Budget an hour a day and you can get your SOC 2 in just a few months.
How SOC 2 supports our embedded application business
Many companies we work with expect us to be SOC 2 compliant in order to interact with their data. Having our SOC 2 allows us to work with more customers without worrying about passing their individual security tests.