Launching a new product that sat at the center of customers’ architecture.

Looking to demonstrate the product’s trustworthiness. 

Seeing compliance with SOC 2 as one way to build trust.

Searching for experts and tools to help them through the complex SOC 2 process.


When SaaS business Hasura developed a powerful new digital product that sits at the center of customers’ data architecture, they knew that demonstrating the product’s trustworthiness would be key to its success.

“Security is of the utmost importance to our customers,” says the compliance team at Hasura. “We were going after a lot of healthcare, insurance, and financial services companies and their first question was always whether we had best-in-class security controls in place and our products were secure.”

One way to build vital trust in Hasura’s new solution was through compliance with industry standards such as SOC2. 

“It was always on our timeline to become SOC 2 compliant and demonstrate strict controls,” says the team. “As we prepared to launch the new product, it became super-high priority that we proactively get that compliance done, rather than waiting and creating more work and issues further down the line.”

As it was Hasura’s first time pursuing SOC 2, and they knew the process was complex and specialized, they began looking for specialists and tools that could help them.

That’s when they discovered Secureframe—an innovative solution that helps automate SOC 2 compliance.

“As we prepared to launch the new product, it became super-high priority that we proactively get that compliance done.”

Keen to demonstrate the trustworthiness of a newly launched product through compliance with SOC 2

Hasura is a software technology company that builds developer tooling products, including open source tools, backend-as-a-service and platform-as-a-service products. 

The company’s GraphQL Engine gives customers instant GraphQL and REST APIs that unify their data and power their modern applications.

How Hasura Saved 360+ Hours Getting SOC 2 Compliant With Secureframe

“Secureframe offers the complete package for getting your SOC 2 report fast."

Just 3 months to go from zero compliance to being SOC 2 compliant.

Blown away by the always-there support they received from Secureframe.

Hasura’s team saved a month and a half of work and effort by partnering with Secureframe to achieve their SOC 2 report. 

“We derived a lot of value from Secureframe’s product and our engagement with their team,” says Hasura’s Compliance team. “Instead of having to figure things out for ourselves, we could use Secureframe’s tools to automate much of the process and turn to their team for advice when we needed them. I’d estimate we saved a month and a half, for sure.”

SOC 2 brings reassurance to prospects that Hasura and its products are secure.

“Being able to provide SOC 2 in the RFIs of potential clients has enabled us to speed up the sales cycle,” says the team. “The availability of a SOC2 report has meant we have audited third-party-certified answers to most of the security questions that an IT department poses.” 

Alongside the weeks of time saved, Hasura appreciates the hands-on, always-there support they received from Secureframe. 

“Secureframe handled so many pieces of the SOC 2 process for us that we didn’t have the technical knowhow to do,” says the team. “We’d 100% recommend Secureframe. Secureframe is the complete package and made our lives at Hasura a lot easier.”

45 days of manual work saved, faster sales cycles, and the foundations laid for future growth

Software integrations that link with existing tools and automatically gather evidence of SOC 2 compliance.

Investigation into their current security controls, including scanning of cloud infrastructure.

Clear action points provided via easy-to-use online portal to address areas of vulnerability.

Technical requests from auditors untangled and turned into straightforward and achievable tasks.

Dedicated customer success manager and compliance experts always available to provide answers and expertise.

When another Secureframe customer—whose judgment Hasura trusted completely—recommended Secureframe, they were eager to investigate. 

After reaching out to Secureframe, Hasura jumped on a kick-off call and never looked back. They appreciated that Secureframe’s solution not only incorporated an easy-to-use digital platform to automate and streamline SOC 2, but also a dedicated customer success manager to lead Hasura through the process. 

Secureframe had such a tried-and-trusted process, they told Hasura they could deliver a SOC 2 report in a matter of weeks.

First, Secureframe reviewed Hasura’s existing controls, including scanning the company’s cloud infrastructure. From there, they outlined key areas for Hasura to focus on and worked with them to develop robust compliance policies. Using its intuitive online platform, Secureframe laid out key action points for the team to complete over the coming weeks in order to be fully prepared for audit. 

As the audit drew nearer, Secureframe made the auditor’s lengthy and technical list of 250 document requests more manageable with automated evidence collection.

“One of the challenges of passing these kinds of audits is that the language is incredibly technical,” says the team. Secureframe simplified that auditor language, broke it down into tasks we could understand and follow, and used a simple dashboard to ensure everyone was doing what was required. Many of the tasks we’d otherwise have needed to do manually were automated thanks to Secureframe’s features and integrations, so we were ready for the audit quickly and with less effort on our part.”

Getting and staying SOC 2 compliant, with less effort and distraction for Hasura’s busy team

Needing to integrate their platform with customers’ payroll systems.

Holding sensitive data, such as SSNs and DOBs.

Providing confidence to customers that security was deeply ingrained.

Looking to get a SOC 2 report to meet customer expectations and find a crucial competitive edge.

Searching for a partner to help them through the complex and labor- intensive SOC 2 process.

Benepass was on a mission to transform the employee benefits landscape with a combination of cutting-edge technology and automation. 

For the security-conscious business, keeping customers’ data protected was their number one priority. 

“Benepass integrates with our customers’ payroll/HRIS systems to automate administration, so understandably they want reassurance that security is a deeply ingrained value for us and all their data is in safe hands,” says Kabir Soorya, Co-Founder and CTO at Benepass. 

As demand for Benepass’s services increased—and larger customers started taking interest—more and more leads were asking for a SOC 2 report. It quickly became evident that a SOC 2 would be essential as they grew the business. 

While Benepass was keen to pursue SOC 2 certification at the earliest opportunity, nobody within the team had undertaken the process before.

“All we knew was that the SOC 2 process was complex and would involve a huge amount of work for the team,” says Kabir. 

“When I looked more deeply at it, I felt we could handle the technical side of compliance, such as making sure MFAs were everywhere, access control rules were in place, and firewalls were up. But there was a much larger piece to the process that was more daunting—providing masses of procedural documentation and evidence gathering, which was out of our experience.”

The more Kabir reflected on the road ahead, the more certain he became that managing SOC 2 in-house wasn’t an option. 

“To carry out the process internally, we’d need to go through every piece of software, every vendor, and manually add hundreds of pieces of required evidence, which felt like a massive undertaking,” he says.

That’s when Kabir started searching for an outside solution—a partner with the knowledge and experience to help Benepass through SOC 2, and lift all the uncertainty, effort, and manual workload off their shoulders. 

“There was a much larger piece to the process that was incredibly daunting—providing masses of procedural documentation and evidence gathering, which was way out of our experience.”

Needing a SOC 2 to demonstrate security, but confronted with a complex and opaque process

Benepass is a benefits platform designed for modern companies. From tax-advantaged benefits to completely bespoke ones based on corporate values, Benepass helps companies unify their ancillary benefits into a single intuitive experience for employees.

How Secureframe Stripped Months of Manual Labor from SOC 2 and Unlocked Stellar Sales for Benepass

“Secureframe has made a world of difference to our business. Having a SOC 2 with Secureframe’s guidance has unlocked significant enterprise sales traction."

Kabir Soorya, Co-Founder and CTO, Benepass

SOC 2 achieved 6x faster than industry norm.

Just 2 weeks of in-house resource required from Benepass.

2 large enterprise customers closed with 100,000+ employees between them.

Complex and uncertain process replaced with simplicity, clarity, and fast results.

Benepass saved 400+ hours getting SOC 2 compliant with Secureframe.

Because so much of the process was automated and taken care of by Secureframe, Kabir completed every task that fell to Benepass in just 2 weeks. Without Secureframe, he’d have needed to work every complex step out for himself and pull every piece of evidence manually, which he estimates could have taken a year or more.

“Secureframe saved us months of internal resource and effort,” he says. “Instead of spending that time on compliance, we could invest those hours into growth-focused activities, such as building products and improving the customer experience.”

Having their SOC 2 report has already brought immense value to Benepass. They’re closing more of the dream customers they want and their sales process has accelerated beyond recognition.

“The reputational and security benefits that the report gives us were essential in closing two large enterprise customers recently, who have thousands of employees combined, dramatically increasing revenue for our business,” says Kabir. 

Larger customers, who were beyond Benepass’s reach before SOC 2, continue to pour through the door. 

“Secureframe has made a world of difference to our business,” says Kabir. “Having a SOC 2 with Secureframe’s guidance has unlocked significant enterprise sales traction.” 

What Benepass appreciated most about Secureframe’s service was its ability to make a new and mysterious process understandable and achievable. 

“In a compliance space that often doesn’t make sense and is always labor-intensive, Secureframe takes a bunch of that burden away—and they’re very passionate and dedicated about doing that. That’s been a real benefit for us,” says Kabir.

No surprise then that Kabir recommends Secureframe to any business looking to unravel SOC 2 and quickly enjoy the benefits of becoming compliant.

“Secureframe makes the process so easy, they’re very accessible and responsive, and they break everything down so that you understand it and always know what to do,” he says.

“In a compliance space that often doesn’t make sense and is always labor-intensive, Secureframe takes a bunch of that burden away.”

Months of the team’s time saved, SOC 2 delivered in just 8 weeks, and enterprise sales unlocked

Support, education, and guidance to make first-time SOC 2 compliance easy and seamless.

Scanning of existing cloud infrastructure and guidance on how to fix any vulnerabilities.

Integrations with core services that automate huge chunks of evidence collection.

Detailed workflow that simplifies complex technical steps into clear and achievable practical tasks.

It didn’t take long for Benepass to find the perfect match for their SOC 2 needs—Secureframe. Kabir knew the company was innovative and talented, because he’d heard about a powerful payroll integration they’d engineered. It felt like a natural step to partner with them on what they did best—delivering SOC 2 compliance. 

A short sales call was all it took to seal Kabir’s decision. 

“I could tell straight away that Secureframe was very knowledgeable about the compliance space,” says Kabir. “I immediately had tons of respect and confidence in them, which went way beyond what you normally feel after a sales meeting.” 

As SOC 2 first-timers, Benepass needed a good deal of upfront support, which Secureframe was pleased to provide.

“Starting out, the SOC 2 process was new to us,” says Kabir. “Secureframe helped us understand the process and what was required of us, without burdening us with every technical detail of the assessment process.”

Right at the start, Secureframe onboarded Benepass on to their powerful, but easy to use, online platform. This streamlines every step of the compliance journey, from tracking team members’ security training and background checks, to building compliance policies, and assessing vendor risk. 

Using the platform, Secureframe created an action list of all the documentation Benepass needed to get in order, security checks that had to be carried out across the team, and details of the evidence that needed to be gathered to pass the SOC 2 audit.

“Secureframe’s platform was intuitive and easy to use,” says Kabir. “We could easily go through the workflow Secureframe had set up and get ourselves audit-ready with minimal effort.”

Even better, Secureframe was able to integrate with Benepass’s core services and automate a huge amount of evidence collection. This saved Kabir the enormous time and effort of manually digging through spreadsheets and databases to gather the reams of proof required for SOC 2.

“We gave Secureframe access to scan our systems and they were able to pull much of the evidence required for SOC 2, without our team having to manually gather it,” says Kabir. “We could get on with our work building the business, while SOC 2 moved forward seamlessly in the background.” 

Kabir was also impressed that Secureframe could connect and monitor Benepass’s cloud infrastructure with minimal effort. Using ‘read-only’ access—which took Benepass next to no time to provide—Secureframe scanned all their cloud services for compliance, reported any potential issues, and gave clear instructions for configuring them. 

“At every stage, Secureframe showed a level of technical competence and attention that you don’t often get with a service relationship of this kind,” says Kabir.

Kabir deeply appreciated being able to hand over so much of the worry and mystery of SOC 2 to genuine experts in the compliance space.

“It was so rewarding to have a relationship with an expert that really understands the SOC 2 process,” says Kabir. “Secureframe made everything so clear and understandable, so we always had a grip on the practical elements that we needed to know and do to get through SOC 2.”

With Secureframe’s deep market-knowledge, support and guidance, Benepass obtained their SOC 2 report within just eight weeks. Normal in-house timeframes are closer to a year, meaning Secureframe got them compliant 6x faster!

Now armed with clear proof of their security controls and compliance, Benepass was more ready than ever to chase down ‘juggernaut’ clients, dramatically increase revenue, and usher in future growth. 

“Secureframe’s platform was intuitive and easy to use. We could easily go through the workflow Secureframe had set up and get ourselves audit-ready with minimal effort.”

Leveraging Secureframe’s automations and expertise to achieve SOC 2 in just eight weeks

Requiring SOC 2 compliance to prove their security credentials and speed up the sales cycle.

Feeling daunted by the complex compliance process.

Searching for an expert partner to guide them through SOC 2.

unitQ, a cloud-based product quality monitoring platform for product-driven companies, had rapidly evolved from a go-getting start-up into a fast-scaling SaaS success story serving category-leading customers like Chime, Strava, and Pandora.

With their new-found position in the marketplace, unitQ suddenly had more to worry about than just delivering great results for their clients. To close deals with the biggest and best in the industry, they needed to streamline their operations, and ensure they met all the compliance expectations of the enterprise prospects they were going after. 

Increasingly, these prospects were demanding a SOC 2 report—an auditor’s report verifying the controls that a business has in place to protect its customers’ data. 

“Our customer base includes some of the most high-profile tech companies in the world—and quite simply they require SOC2,” says Anthony Heckman, Head of Business Development at unitQ. “Without it, prospects were asking us to supply enormous amounts of documentation and proof every time. This was drastically extending the sales cycle and putting the brakes on our growth.

“However, we were far from experts on the SOC 2 certification process, controls, pricing or timelines, so we’d need to invest time in understanding that process before we could even get started. SOC 2 felt like a long list of steps—I don’t know many folks going through it for the first time who wouldn’t say it can be an intimidating process.”

A pivotal moment came when unitQ closed a major deal with Chime, one of the largest fintech companies in the world. As part of the contract, unitQ pledged to secure SOC 2 certification within a fixed period. So unitQ not only needed results fast—they needed best in-class policies, procedures and controls.

The question now was how to move forward. unitQ didn’t have the in-house security consultants to manage the process internally. And while they could have tasked someone from the team with project managing the process, it would have been an arduously steep learning curve and taken them away from what they do best. 

“What we needed was a partner with the expertise and support capabilities to take all the work off our plate,” says Anthony. “A partner with deep expertise to guide us through everything, without SOC 2 becoming a burden on our busy team.”

“We were far from experts on the SOC 2 certification process, controls, price or timelines, so we’d need to invest time in understanding that process before we could even get started. SOC 2 felt like a long list of (intimidating) steps.”

Requiring a SOC 2 report to close high-profile clients, but needed assistance on complex audit processes

unitQ was founded by a team of experienced entrepreneurs to help companies monitor, classify, and analyze their user feedback data in real-time to drive product quality and product excellence. They designed unitQ Monitor to enable companies to stay on top of global trending product quality issues, improve their product experience, and align their organizations.

How unitQ Achieved SOC2 Compliance Quickly, Affordably and Hassle-Free With Secureframe

“I'd 100% recommend Secureframe! They took the pain out of SOC 2 certification and helped us get compliant faster. Thanks to Secureframe, we can close more deals faster and focus on scaling our business.”

Anthony Heckman, Head of Business Development, UnitQ

At least 3x faster than running the process in-house.

Compliance achieved 2 weeks ahead of schedule.

Hundreds of hours of time and effort saved for unitQ’s busy team.

Sales cycle accelerated and countless sales and growth opportunities unlocked.

For businesses that choose to manage SOC 2 internally, the process usually takes around 9 to 12 months—and comes with no guarantee of success at the end. With Secureframe, everything was buttoned up in just 12 weeks, a full two weeks ahead of schedule. 

That’s at least three times faster than the norm, all the while saving unitQ’s team hundreds of hours of time and effort. 

While the original 14-week schedule was set by unitQ, as they needed to balance other business priorities, Secureframe regularly delivers SOC 2 compliance in just a few weeks.

With SOC 2 compliance achieved, unitQ wasted no time maximizing the impact of their superior security status. They shouted about it in sales outreach and made it unmissable on their website to demonstrate their evolution as a business, drive more leads and, ultimately, close more of their dream, category-leading customers.

“We want every company in the world, and ultimately their end users, to benefit from unitQ. Now, thanks to Secureframe’s help in achieving SOC 2, we can demonstrate our maturity level and show these firms we run a professional, mature, and compliant organization,” says Anthony. “This has accelerated our sales cycle with enterprise customers and unlocked so many more sales and growth opportunities for the business.”

As a business that openly admits it found SOC 2 daunting, unitQ hugely appreciates the five-star support and guidance they received from Secureframe. 

“People are what make businesses great, and Secureframe really hustled for us at every stage,” says Anthony. “If ever they thought we were uncertain, they’d proactively step in and guide us through. They constantly demystified the process.”

Anthony would recommend Secureframe to any CEO or security consultant looking to get SOC 2 set-up in any size of business.

“I’d recommend Secureframe 100%, because they got the job done ahead of schedule, without any issues, were super-responsive, great to work with and very cost-effective. So it’s a no-brainer!” says Anthony. 

“We couldn’t get to the next stage of growth without processes like SOC 2 in place, and couldn’t have closed enterprise customers without it. I couldn’t imagine going through that without Secureframe by our side.”

SOC 2 delivered at least 3x faster, unitQ’s sales cycle accelerated, and big deals closed faster

End-to-end support through preparation and audit.

Easy-to-use central platform providing transparency throughout the process.

Dedicated customer success manager and compliance experts always there to answer questions.

40+ software integrations automate much of the process and remove the burden of manual work.

SOC 2 compliance and report delivered in just 12 weeks.

After scouting the market for a solution, unitQ discovered Secureframe—and everything fell into place.

It was clear from Secureframe’s website that they had a long list of happy customers, who praised their easy-to-use platform, hands-on support, clear process and pricing, and depth of expertise. For Anthony, it really was a case of ‘what’s not to like?’

Secureframe’s smooth onboarding process began when Anthony hopped on a kick-off call with a member of the Customer Success team. 

“It was so clear that Secureframe had deep experience of SOC 2, so we immediately felt very comfortable that they were the right partner to shepherd us through the process,” says Anthony.

“On that single call, Secureframe helped us get set up on their platform and walked us through every feature and function. They were so clear about their price and how the process was going to run that we knew exactly what we were getting from the start.”

In order to simplify SOC 2 for its customers, Secureframe reduces the process to 7 key steps. These include scanning and securing unitQ’s security infrastructure, creating security and compliance policies, assessing and managing vendor risk, and completing the audit.

“What we loved about Secureframe was that they not only explained the process of what they’d be doing, they also explained the ‘why’ behind everything” says Anthony. “So it was always clear what needed to be worked on to get ourselves audit-ready.”

As Secureframe made a start getting unitQ SOC 2-ready, its online platform became unitQ’s single source of truth. 

Within the portal, every step of the process was laid out, along with specific tasks allocated to named members of unitQ’s team. This ensured everyone could see where they were in the process and any bottlenecks could be quickly fixed. 

Even better, a huge chunk of the manual work typically associated with achieving SOC 2 was taken off the team’s shoulders by Secureframe’s 30+ software integrations. The platform automatically synced with unitQ’s core services, collecting data on infrastructure, policies and other evidence vital to the audit. This meant the team didn’t have to waste hours of precious time pulling data manually and drowning in spreadsheets.

“The integrations moved things forward quickly,” says Anthony. “And because the platform laid out the process so transparently, it was easy to see what tasks needed to be completed to keep everything on track.”

At every step, Secureframe could turn to a dedicated customer success manager—backed up by the company’s security and compliance experts—if they had any post-onboarding questions. Secureframe also set up a Slack channel as a central communication hub. Whenever unitQ posted a question, Secureframe provided a response within minutes, ensuring the process remained friction-free.

“Secureframe’s Customer Success and Compliance teams were hyper-responsive and ensured the entire process went smoothly by providing exceptional support,” says Anthony. “SOC2 certification is a big deal, so to know their team was always there was incredibly valuable—particularly in areas where we had limited knowledge and needed hand holding.”

“It was so clear that Secureframe had deep experience of SOC 2, so we immediately felt very comfortable that they were the right partner to shepherd us through the process.”

Secureframe’s easy-to-use platform and hands-on support enables fast and simple SOC 2 compliance

Secureframe Raises $18m from Kleiner Perkins to Automate Security Compliance. Read on TechCrunch →

https://techcrunch.com/2021/03/18/secureframe-series-a-cybersecurity-compliance/

How Hasura Saved 360+ Hours Getting SOC 2 Compliant With Secureframe

How Secureframe Stripped Months of Manual Labor from SOC 2 and Unlocked Stellar Sales for Benepass

How unitQ Achieved SOC2 Compliance Quickly, Affordably and Hassle-Free With Secureframe

Ready to secure your SOC 2?