How Haystack Leveraged Secureframe’s Numerous Integrations to Get SOC 2, ISO 27001, and ISO 27701 Certified

Haystack is an enterprise SaaS platform that is on a mission to make big companies feel small. Organizations use Haystack to engage their workforce by streamlining internal communications, fostering real human connections, and providing a centralized place employees can go to find the information, people, and resources they need to do the best work of their career.


“Secureframe was a no-brainer for us. Their dedicated compliance manager, the wide range of vendor integrations, and the growing list of service offerings made the choice easy.”

Yingsong Wang, Information System Security Engineer, Haystack




  • Enterprise clients demanded security and privacy compliance.
  • Lengthy security questionnaires were consuming too much time and impeding sales.
  • Lacked the in-house expertise to achieve compliance and needed to move quickly.
  • Needed a solution that could handle multiple compliance needs (SOC2 Type I & Type II, ISO27001 & ISO27701, and more).


Secureframe met Haystack’s needs by providing several advantages::

  • Vital expertise and true partnership, which expedited compliance approvals.
  • Numerous vendor integrations covering all aspects of their compliance needs.
  • Comprehensive offering of compliance solutions covering the company’s broad requirements.
  • An easy-to-use platform.


  • Completed SOC2 Type I readiness and audit in less than two months and commenced SOC 2 Type II audit one month later.
  • Completed ISO27001 year-one audit.
  • Accelerated Haystack’s sales cycle.
  • Improved security and privacy postures on the Haystack platform.


Security posture and security compliance were fundamental for Haystack’s enterprise clients and were critically needed to accelerate the sales cycle, but Haystack lacked the expertise to move quickly on achieving compliance

Haystack, which offers a SaaS solution to help companies better engage their workforce, had enterprise customers demanding security compliance. With a small and nimble team, Haystack knew they needed to move rapidly, but they also recognized that they didn’t have the experience or bandwidth to complete the compliance process alone. Haystack needed a solution that would allow them to move quickly without consuming a lot of their valuable time.


“We sell to enterprise clients that need security and privacy compliance; otherwise there is no sale. It’s a requirement,” says Yingsong Wang, Information System Security Engineer at Haystack.

Furthermore, continuously filling out detailed security questionnaires was hindering the company’s sales efforts. Haystack needed to free up their team so they could focus on more strategic activities.


“Answering the security questionnaires is very challenging on our side, and we must do it for every client. It’s an inefficient use of our strained resources.”


Secureframe’s broad set of 100+ vendor integrations, comprehensive solution coverage, and deep expertise made them the obvious choice for Haystack

Haystack needed multiple compliance solutions for SOC2 Type I and Type II, ISO27001, ISO27701, and more. Their search for a partner that could be a one-stop shop for handling all their needs led them to Secureframe.

As a small team, Haystack knew that whatever solution they chose, minimizing their internal overhead was essential. Yingsong was impressed by all the integrations available within the Secureframe platform and how quickly that would allow them to proceed.


“We use automatic integrations from many different vendors, such as security training, HR, MDM Solutions, and cloud platform providers. The greatest thing about the platform is we just upload evidence and the auditor can then go to the data room to find the evidence from the controls that we implemented."

Yingsong was also impressed by the task management features available in Secureframe. Since the platform automatically manages updating the task list, it saves Haystack significant project management time.


“One of the best parts of the platform is that it has a task list to show the remaining tasks for SOC 2 compliance, for example. It also shows the remaining tasks for each individual person."


Not only did Haystack complete their SOC 2 Type I readiness and audits in record time, but they also accelerated their sales cycle and enhanced the security and privacy of the Haystack platform

For businesses that choose to manage SOC 2 internally, the process usually takes around nine to twelve months—and comes with no guarantee of success at the end. Using Secureframe, Haystack completed their SOC 2 Type I readiness and audit in under two months and commenced their SOC 2 Type II audit one month later.


“We now have all the security and privacy certificates that prospective customers are looking for, so we can take the security and privacy concerns out of the sales conversation and focus on other priorities,” says Yingsong.

Eliminating the need to fill out new security questionnaires for each deal was a big win for Haystack. It accelerated their sales cycle and freed up key resources. And Haystack didn’t stop there. They took their learning from the compliance product and used that to build a stronger platform for their customers. 

Yingsong would recommend Secureframe to any business looking to rapidly achieve security compliance, whether it is for SOC 2 Type II or other compliance needs.


"Working with Secureframe is an awesome experience. We started with Secureframe from the early days, and the platform has become better each day.”