How Secureframe Stripped Months of Manual Labor from SOC 2 and Unlocked Stellar Sales for Benepass
Benepass is a benefits platform designed for modern companies. From tax-advantaged benefits to completely bespoke ones based on corporate values, Benepass helps companies unify their ancillary benefits into a single intuitive experience for employees.
“Secureframe has made a world of difference to our business. Having a SOC 2 with Secureframe’s guidance has unlocked significant enterprise sales traction."Kabir Soorya, Co-Founder and CTO, Benepass
- Needing to integrate their platform with customers’ payroll systems.
- Holding sensitive data, such as SSNs and DOBs.
- Providing confidence to customers that security was deeply ingrained.
- Looking to get a SOC 2 report to meet customer expectations and find a crucial competitive edge.
- Searching for a partner to help them through the complex and labor- intensive SOC 2 process.
Secureframe provided Benepass with:
- Support, education, and guidance to make first-time SOC 2 compliance easy and seamless.
- Scanning of existing cloud infrastructure and guidance on how to fix any vulnerabilities.
- Integrations with core services that automate huge chunks of evidence collection.
- Detailed workflow that simplifies complex technical steps into clear and achievable practical tasks.
- Dedicated customer success manager and compliance experts always available to provide answers and expertise.
- SOC 2 achieved 6x faster than industry norm.
- Just 2 weeks of in-house resource required from Benepass.
- 2 large enterprise customers closed with 100,000+ employees between them.
- Complex and uncertain process replaced with simplicity, clarity, and fast results.
Needing a SOC 2 to demonstrate security, but confronted with a complex and opaque process
Benepass was on a mission to transform the employee benefits landscape with a combination of cutting-edge technology and automation.
For the security-conscious business, keeping customers’ data protected was their number one priority.
“Benepass integrates with our customers’ payroll/HRIS systems to automate administration, so understandably they want reassurance that security is a deeply ingrained value for us and all their data is in safe hands,” says Kabir Soorya, Co-Founder and CTO at Benepass.
As demand for Benepass’s services increased—and larger customers started taking interest—more and more leads were asking for a SOC 2 report. It quickly became evident that a SOC 2 would be essential as they grew the business.
While Benepass was keen to pursue SOC 2 certification at the earliest opportunity, nobody within the team had undertaken the process before.
“All we knew was that the SOC 2 process was complex and would involve a huge amount of work for the team,” says Kabir.
“When I looked more deeply at it, I felt we could handle the technical side of compliance, such as making sure MFAs were everywhere, access control rules were in place, and firewalls were up. But there was a much larger piece to the process that was more daunting—providing masses of procedural documentation and evidence gathering, which was out of our experience.”
The more Kabir reflected on the road ahead, the more certain he became that managing SOC 2 in-house wasn’t an option.
“To carry out the process internally, we’d need to go through every piece of software, every vendor, and manually add hundreds of pieces of required evidence, which felt like a massive undertaking,” he says.
That’s when Kabir started searching for an outside solution—a partner with the knowledge and experience to help Benepass through SOC 2, and lift all the uncertainty, effort, and manual workload off their shoulders.
“There was a much larger piece to the process that was incredibly daunting—providing masses of procedural documentation and evidence gathering, which was way out of our experience.”
Leveraging Secureframe’s automations and expertise to achieve SOC 2 in just eight weeks
It didn’t take long for Benepass to find the perfect match for their SOC 2 needs—Secureframe. Kabir knew the company was innovative and talented, because he’d heard about a powerful payroll integration they’d engineered. It felt like a natural step to partner with them on what they did best—delivering SOC 2 compliance.
A short sales call was all it took to seal Kabir’s decision.
“I could tell straight away that Secureframe was very knowledgeable about the compliance space,” says Kabir. “I immediately had tons of respect and confidence in them, which went way beyond what you normally feel after a sales meeting.”
As SOC 2 first-timers, Benepass needed a good deal of upfront support, which Secureframe was pleased to provide.
“Starting out, the SOC 2 process was new to us,” says Kabir. “Secureframe helped us understand the process and what was required of us, without burdening us with every technical detail of the assessment process.”
Right at the start, Secureframe onboarded Benepass on to their powerful, but easy to use, online platform. This streamlines every step of the compliance journey, from tracking team members’ security training and background checks, to building compliance policies, and assessing vendor risk.
Using the platform, Secureframe created an action list of all the documentation Benepass needed to get in order, security checks that had to be carried out across the team, and details of the evidence that needed to be gathered to pass the SOC 2 audit.
“Secureframe’s platform was intuitive and easy to use,” says Kabir. “We could easily go through the workflow Secureframe had set up and get ourselves audit-ready with minimal effort.”
Even better, Secureframe was able to integrate with Benepass’s core services and automate a huge amount of evidence collection. This saved Kabir the enormous time and effort of manually digging through spreadsheets and databases to gather the reams of proof required for SOC 2.
“We gave Secureframe access to scan our systems and they were able to pull much of the evidence required for SOC 2, without our team having to manually gather it,” says Kabir. “We could get on with our work building the business, while SOC 2 moved forward seamlessly in the background.”
Kabir was also impressed that Secureframe could connect and monitor Benepass’s cloud infrastructure with minimal effort. Using ‘read-only’ access—which took Benepass next to no time to provide—Secureframe scanned all their cloud services for compliance, reported any potential issues, and gave clear instructions for configuring them.
“At every stage, Secureframe showed a level of technical competence and attention that you don’t often get with a service relationship of this kind,” says Kabir.
Kabir deeply appreciated being able to hand over so much of the worry and mystery of SOC 2 to genuine experts in the compliance space.
“It was so rewarding to have a relationship with an expert that really understands the SOC 2 process,” says Kabir. “Secureframe made everything so clear and understandable, so we always had a grip on the practical elements that we needed to know and do to get through SOC 2.”
With Secureframe’s deep market-knowledge, support and guidance, Benepass obtained their SOC 2 report within just eight weeks. Normal in-house timeframes are closer to a year, meaning Secureframe got them compliant 6x faster!
Now armed with clear proof of their security controls and compliance, Benepass was more ready than ever to chase down ‘juggernaut’ clients, dramatically increase revenue, and usher in future growth.
“Secureframe’s platform was intuitive and easy to use. We could easily go through the workflow Secureframe had set up and get ourselves audit-ready with minimal effort.”
Months of the team’s time saved, SOC 2 delivered in just 8 weeks, and enterprise sales unlocked
Benepass saved 400+ hours getting SOC 2 compliant with Secureframe.
Because so much of the process was automated and taken care of by Secureframe, Kabir completed every task that fell to Benepass in just 2 weeks. Without Secureframe, he’d have needed to work every complex step out for himself and pull every piece of evidence manually, which he estimates could have taken a year or more.
“Secureframe saved us months of internal resource and effort,” he says. “Instead of spending that time on compliance, we could invest those hours into growth-focused activities, such as building products and improving the customer experience.”
Having their SOC 2 report has already brought immense value to Benepass. They’re closing more of the dream customers they want and their sales process has accelerated beyond recognition.
“The reputational and security benefits that the report gives us were essential in closing two large enterprise customers recently, who have thousands of employees combined, dramatically increasing revenue for our business,” says Kabir.
Larger customers, who were beyond Benepass’s reach before SOC 2, continue to pour through the door.
“Secureframe has made a world of difference to our business,” says Kabir. “Having a SOC 2 with Secureframe’s guidance has unlocked significant enterprise sales traction.”
What Benepass appreciated most about Secureframe’s service was its ability to make a new and mysterious process understandable and achievable.
“In a compliance space that often doesn’t make sense and is always labor-intensive, Secureframe takes a bunch of that burden away—and they’re very passionate and dedicated about doing that. That’s been a real benefit for us,” says Kabir.
No surprise then that Kabir recommends Secureframe to any business looking to unravel SOC 2 and quickly enjoy the benefits of becoming compliant.
“Secureframe makes the process so easy, they’re very accessible and responsive, and they break everything down so that you understand it and always know what to do,” he says.
“In a compliance space that often doesn’t make sense and is always labor-intensive, Secureframe takes a bunch of that burden away.”