How Alpine IQ Got SOC 2 and HIPAA Compliant in Weeks and Closed 8 of the Top 12 Enterprise Companies in the Cannabis Industry
Alpine IQ empowers the legal cannabis industry by providing customer-focused technology to help retailers of all sizes resolve growth challenges and generate revenue. Alpine IQ provides customers with the industry’s most extensive suite of tools to protect, segment, and promote all in-store and online operations.
“Secureframe is one of our most valuable vendors. They act like a complete in-house security team compared to anyone else in the market. From traditional audit firms to other software companies, you’re going to save a lot more time, team resources, and money using Secureframe. I’ve already recommended it to my peers. There isn’t a better solution out there for achieving and maintaining compliance.”Nicholas Paschal, CEO, Alpine IQ
- Enterprise customers asking for SOC 2 report to move forward with sales cycle.
- Inability to do business in certain states without HIPAA compliance.
- Desire to scale efficiently and not get bogged down with tedious manual work to keep employees and the company compliant.
- Feeling stressed by the unknown and complex compliance progress.
- Searching for the right tool to guide them through their first SOC 2 Type I audit as well as becoming HIPAA compliant.
Secureframe provided Alpine IQ with:
- Ability to achieve SOC 2 and HIPAA compliance in one easy-to-use platform.
- Deep integrations that linked with existing tools to automate evidence collection process.
- Continuous visibility into state of compliance through automated readiness reports with proactive non-compliance alerts and easy-to-follow remediation steps.
- End-to-end white glove service from dedicated customer success and compliance teams through shared Slack Channel and check-in calls to streamline the process.
- Greater clarity around the exact steps needed to get SOC 2 ready and HIPAA compliant through a easy-to-follow checklist approach and continuous support during the audit.
- Got SOC 2 Type I ready and HIPAA compliant in a matter of weeks.
- Closed 8 of the top 12 publicly listed cannabis companies as enterprise clients after achieving SOC 2 Type I report and HIPAA compliance.
- One of the only Cannabis companies to be HIPAA compliant, allowing Alpine IQ to do business in states like Maryland and Pennsylvania when competitors can’t.
- Saved hundreds of hours of team resources through automating new employee onboarding and evidence collection.
Needing SOC 2 report and HIPAA compliance to unblock enterprise sales deals and do business nationally, but limited time and understanding of compliance process
Alpine IQ, a data analytics and marketing platform for cannabis retailers, had begun to engage with larger retailers in the cannabis industry as they grew. Unfortunately, these enterprise clients required SOC 2 in order to sign on as customers. Additionally, given Alpine IQ worked in the highly regulated cannabis space, they also needed to become HIPAA compliant if they wanted to do business in certain states.
Like many companies, Alpine IQ quickly learned that the process of getting SOC 2 and HIPAA compliant would take hundreds of hours of manual work, something that the Alpine IQ team did not have.
“Today we’re around 45 people and will easily double in the next year, but back when we were first thinking about becoming compliant, we were just five people. We just didn’t have the time or knowledge to get compliant and build our business at the same time.”
That’s when Nicholas began looking for outside help to guide him and his team through the process. Early on in his search, Nicholas looked at traditional audit firms like A-LIGN, but quickly realized he would be bogged down in tedious paperwork and spreadsheets if he worked with them.
“Automation was a key requirement for us as we knew we were going to quickly scale. Onboarding over 100+ employees and maintaining compliance would be a nightmare if we had to do it through excel spreadsheets and not an automated solution like Secureframe.”
That’s when Nicholas came across Secureframe.
Secureframe’s robust platform, 100+ integrations, and hands-on support from compliance experts set them apart from competitors and enabled seamless SOC 2 and HIPAA compliance
Nicholas was impressed with the 100+ robust integrations Secureframe provided to help automate evidence collection across Alpine IQ’s entire tech stack, as well as streamlining policy creation and onboarding for employees in one platform. It quickly became a no-brainer for Nicholas to sign on with Secureframe.
Once onboarded, Secureframe created a thorough, step-by-step list with all the required steps, documentation, and evidence Alpine IQ needed to meet SOC 2 and HIPAA requirements. Secureframe was able to simplify the policy creation process through their library of 40+ policy templates, automate evidence collection through 100+ integrations, and streamline employee onboarding and SOC 2 + HIPAA security awareness training to a single platform.
“Before Secureframe, our employees had to go through 15 different systems, and it would take days for them to get onboarded through all the different software systems. Now, Secureframe is probably 80% of it, and it takes less than a day for people to onboard. That level of automation and time savings is huge!”
Nicholas and his team appreciated the automated readiness reports that provided a live progress update on Alpine IQ’s state of compliance, as well as the support he got throughout the process.
“Onboarding and the support through the entire readiness process was great. I got answers almost immediately through the shared Slack Channel. The check-in calls helped keep us on track to our tight deadlines. And I loved having a live tap through the automated readiness reports if there were any problems across our tools.”
However, the biggest highlight for Nicholas was actually facing a security incident before their audit-window started, and feeling fully prepared to handle it because of the policies and processes Secureframe helped his team establish.
“We faced the same security incident that took down Facebook. But thanks to all the work we did with Secureframe, we were incredibly prepared. We got the whole tech team together and carried out our incident response plan, and presented it to our auditors. They said it was the best response they had ever seen anybody do. That really gave me the confidence and peace of mind that we were doing things right.”
Alpine IQ was able to get SOC 2 ready and HIPAA compliant in just a few weeks after working with Secureframe.
Hundreds of hours saved, SOC 2 and HIPAA compliance achieved, and closed 8 of the top 12 cannabis retailers
Alpine IQ saved hundreds of hours of manual work for their team by using Secureframe to get their SOC 2 Type I report and become HIPAA compliant in just a matter of weeks.
“Secureframe easily saved us hundreds of hours of work compared to using a traditional audit firm without sacrificing our security posture. They made the process as easy as possible.”
After achieving SOC 2 and HIPAA compliance, Alpine IQ was able to gain a significant competitive advantage in their space as one of the only vendors who is HIPAA compliant, allowing them to do business in multiple states like Maryland and Pennsylvania that required it, as well as create confidence with their enterprise customers with their SOC 2 report.
Alpine IQ was able to close deals with 8 of the top 12 cannabis retailers, with one of them saying Alpine IQ was one of the most compliant companies they’d ever seen.
“I was on the phone with one of the largest retailers who owns a significant portion of the US market. I sent them our SOC 2 Type I report and our HIPAA readiness report, and they said we were the most buttoned up cannabis company they’ve ever seen.”
Yet most importantly, Nicholas was able to achieve peace of mind knowing that as his company goes on to get their SOC 2 Type II report and scale to hundreds of employees, Secureframe will be there to continuously monitor their state of compliance so he can focus on growing their business.
“Secureframe is probably one of our most valuable vendors. They act like a complete in-house security team. Compared to anyone else in the market, from traditional audit firms to other software companies, you’re going to save a lot more time, team resources, and money using Secureframe. I’ve already recommended it to my peers. There isn’t a better solution out there for achieving and maintaining compliance.”