Haystack, which offers a SaaS solution to help companies better engage their workforce, had enterprise customers demanding security compliance. With a small and nimble team, Haystack knew they needed to move rapidly, but they also recognized that they didn’t have the experience or bandwidth to complete the compliance process alone. Haystack needed a solution that would allow them to move quickly without consuming a lot of their valuable time.

“We sell to enterprise clients that need security and privacy compliance; otherwise there is no sale. It’s a requirement,” says Yingsong Wang, Information System Security Engineer at Haystack.

Furthermore, continuously filling out detailed security questionnaires was hindering the company’s sales efforts. Haystack needed to free up their team so they could focus on more strategic activities.

“Answering the security questionnaires is very challenging on our side, and we must do it for every client. It’s an inefficient use of our strained resources.”

Haystack needed multiple compliance solutions for SOC2 Type I and Type II, ISO27001, ISO27701, and more. Their search for a partner that could be a one-stop shop for handling all their needs led them to Secureframe.

As a small team, Haystack knew that whatever solution they chose, minimizing their internal overhead was essential. Yingsong was impressed by all the integrations available within the Secureframe platform and how quickly that would allow them to proceed.

“We use automatic integrations from many different vendors, such as security training, HR, MDM Solutions, and cloud platform providers. The greatest thing about the platform is we just upload evidence and the auditor can then go to the data room to find the evidence from the controls that we implemented."

Yingsong was also impressed by the task management features available in Secureframe. Since the platform automatically manages updating the task list, it saves Haystack significant project management time.

“One of the best parts of the platform is that it has a task list to show the remaining tasks for SOC 2 compliance, for example. It also shows the remaining tasks for each individual person."

For businesses that choose to manage SOC 2 internally, the process usually takes around nine to twelve months—and comes with no guarantee of success at the end. Using Secureframe, Haystack completed their SOC 2 Type I readiness and audit in under two months and commenced their SOC 2 Type II audit one month later.

“We now have all the security and privacy certificates that prospective customers are looking for, so we can take the security and privacy concerns out of the sales conversation and focus on other priorities,” says Yingsong.

Eliminating the need to fill out new security questionnaires for each deal was a big win for Haystack. It accelerated their sales cycle and freed up key resources. And Haystack didn’t stop there. They took their learning from the compliance product and used that to build a stronger platform for their customers. 

Yingsong would recommend Secureframe to any business looking to rapidly achieve security compliance, whether it is for SOC 2 Type II or other compliance needs.

"Working with Secureframe is an awesome experience. We started with Secureframe from the early days, and the platform has become better each day.”