How Secureframe Helped Fabric Implement Robust Security Controls and Get SOC 2 Ready in Just 2 Weeks
Fabric was established by commerce veterans to help brands migrate from legacy commerce systems. Its ‘headless’ platform offers a modular suite of intuitive business applications for retail buyers, planners, and marketers.
“Secureframe has the right team, the right platform, and the right experience to help businesses get SOC 2 certified within tight timeframes. I would not have finished my SOC 2 type 1 so quickly if I didn’t have Secureframe.”Rachana Desai, Vice President of Engineering, Fabric
- Building a security culture from the very beginning.
- Looking to be proactive about meeting industry standards like SOC 2.
- Seeking to demonstrate security resilience to customers and prospects.
- Searching for a partner to help them get SOC 2 for the first time—and fast.
Secureframe provided Fabric with advice, automation, integrations, and services, including:
- Connecting with core services to identify any security gaps and issues—and advising on solutions.
- Integration with a broad range of SaaS tools and applications to automate evidence gathering.
- Providing a streamlined workflow that simplified complex requirements into clear and achievable steps.
- Dedicated customer success manager and compliance experts always available to provide answers and expertise.
- From zero to SOC 2 type 1 certified in three months.
- 2x faster than managing the process in-house.
- SOC 2 type 1 audit and report completed in just 2 weeks!
- Increased customer satisfaction.
- Better equipped to get products to market faster—and scale with confidence.
Demonstrating to customers that security was a prime focus—and data and systems were secure
Super-dynamic SaaS start-up Fabric was on a mission to disrupt the established ecommerce marketplace.
Consequently, the company was investing its time and focus into areas including platform and product development, marketing, customer satisfaction, and maximizing operational efficiency.
From the very beginning, they also identified the importance of being proactive about security—ensuring their systems were protected and data processing was done with integrity.
“Instilling a strong security culture from the beginning was important to us and our customers,” says Vice President of Engineering Rachana Desai. “We needed prospects and customers to feel comfortable giving us their information, because they weren’t just trusting us with their sensitive data, but with their customers’ information, too.”
One way to build rapid trust in their platform was to obtain compliance with industry standards such as SOC 2.
“We wanted to obtain SOC 2 certification and demonstrate that our security was airtight,” says Rachana. “Compliance would give customers added confidence that security was an absolute priority for us, while ensuring we had the right internal controls in place to bring new products to market faster and improve our operational efficiency.”
Having recognized the value of obtaining SOC 2, Rachana set the target of achieving type 1 certification within 3 months, with type 2 to follow as soon as possible thereafter.
With such a pressing timeframe, she decided to search out a partner to help Fabric accelerate the process of SOC 2 certification—and remove the time and friction of tackling such a complex and arcane process in-house.
“We could have done our own SOC 2, but the speed would have not been there,” explains Rachana. “It would also have taken the team away from focusing on important areas such as building our products and enhancing the platform for our customers.”
Rachana needed an experienced security compliance partner with the right people, skillset, digital tools, and track record to help Fabric get its SOC 2 type 1 report for the first time—on time.
Secureframe helps Fabric speed-up and streamline the complex and specialized SOC 2 process
Rachana took a close look at several vendors that helped businesses build strong security frameworks, but one stood out from the rest—Secureframe.
Rachana appreciated Secureframe’s combination of experienced security and compliance experts, pinpoint process, time-saving automations, and access to a network of respected auditors.
It felt like Secureframe had streamlined the task of securing SOC 2 from end to end.
“Secureframe had created a clear and logical process for covering all the areas of focus that SOC 2 requires,” says Rachana.
“Without that, we’d have needed to take time to understand all the auditing standards and controls for ourselves, and then pull together our own process for achieving SOC 2. That, in itself, would have taken several months to complete internally.”
As soon as Fabric had contracted with Secureframe, a dedicated Customer Success Manager worked with Rachana to ensure Fabric was SOC 2 type 1-ready in weeks—and continued to support them as they worked towards type 2 certification.
Secureframe was able to help Rachana achieve this by automating much of the pre-audit process, which would otherwise have taken tons of internal bandwidth, including:
- Connecting with Fabric’s core services — Secureframe scanned Fabric’s infrastructure to identify any security gaps and issues, then provided clear guidance on how to configure them, including identifying the right departments within Fabric’s business to be accountable for each task.
- Assess and manage vendor risk — Secureframe integrated with many of Fabric’s vendors and SaaS tools, automatically pulling in security data from those sources and providing detailed risk assessments. This saved Fabric hundreds of hours, because they didn’t have to do any of it manually.
- Simplifying the onboarding of customers and employees — Onboarding customers and employees typically involves fulfilling countless, time-consuming security steps. Secureframe makes the process fast and seamless, with a platform that allows Fabric to easily track what steps — such as background checks and acceptance of security policies — have been completed. This automated workflow ensures they know where the gaps are, without the manual effort of hopping in and out of different systems.
Having followed Secureframe’s process—and utilized a broad range of integrations and automations—Rachana was ready to find an auditor and attain their SOC 2 type 1 report.
Again, Secureframe’s knowledge and experience with compliance audits enabled this critical step to progress at maximum speed.
“At first, Secureframe said they could deliver the report in just four weeks,” says Rachana. “Even that seemed fast to me. But, even better, we were actually done in two weeks.”
Rachana believes this phenomenal turnaround time was only possible because of Secureframe’s preferred auditor network, steely attention to process and detail, and knowledgeable support team.
“After I made very clear expectations on the dates I was targeting and what I needed out of this, Secureframe’s team of customer success and compliance experts were on top of it,” says Rachana. “It was a good partnership throughout, because they were proactive and would tell us: hey guys, you haven’t done this, so you need to do it.” She adds: “Even when we had complex questions for them that required investigation, Secureframe were quick to figure things out and get any issues sorted, which was very helpful.”
Secureframe’s high-quality team, and equally high-quality platform, helped Rachana meet her first compliance deadline—and obtain a SOC 2 type 1 report—well ahead of time.
In a matter of weeks, they’d attained a level of security certification that was already providing added trust for customers as they continued to make waves in the competitive ecommerce space.
SOC 2 certification delivered 2x faster and 100s of engineering hours freed up to invest in other areas
Fabric unlocked huge time savings by partnering with Secureframe to obtain their SOC 2 type 1 report for the first time.
Rachana estimates that achieving type 1 certification in-house would have taken over 6 months. With Secureframe, everything was buttoned up inside three months!
That’s 100% faster delivery than Fabric could have achieved if they’d managed the process internally.
Secureframe also pulled out all the stops to ensure the final part of the process—being audited and obtaining the SOC 2 type 1 report itself—was delivered ahead of deadline. Initially, Rachana had hoped to have it completed within four weeks. In fact, she had the report in her hands in just two.
That’s another example of Secureframe getting things done for Fabric in half the time.
Importantly, because Secureframe automated and streamlined so much of the work Fabric would otherwise have needed to do manually, the company saved hundreds of engineering hours. These time savings meant Fabric could stay focused on other business priorities, such as continually improving platform infrastructure, building security programs, and developing product lines and getting them to market quickly.
With SOC 2 type 1 certification now delivered—and type 2 to follow very soon—Fabric has shown its customers and prospects that security is a primary focus.
As well as the time and potential disruption that Secureframe has saved Fabric, Rachana appreciates both their unique process and the role Secureframe’s dedicated team played in helping them achieve SOC 2.
“Having Secureframe made a huge difference. Without them, I don’t feel we’d have achieved SOC 2 type 1 with the same rigor, we wouldn’t have closed every gap we found, and as a result, the process would have taken longer,” says Rachana.
She adds: “Secureframe has the right team, the right platform, and the right experience to help businesses get SOC 2 certified within tight timeframes. Also, because they operate in a SaaS environment themselves, they understand what is needed to be successful as a SaaS business.”
As a business that handles sensitive customer data, obtaining a SOC 2 report was an essential step for Fabric. By working with Secureframe, they achieved SOC 2 type 1 at twice the speed. As a result, customers have added trust in their security resilience—and Fabric has yet another competitive edge.
“I’d recommend Secureframe to other businesses looking to get a SOC 2 for the first time,” says Rachana. “Working with them has been great from a timeline perspective, a process perspective, and a support perspective. I would have not finished my SOC 2 type 1 so quickly if I didn't have Secureframe.”