How Kinectify Got Their SOC 2 Type I in 2 Months and Spent 5 Hours to Get SOC 2 Type II Ready
Kinectify is an AML risk management technology company serving gaming operators both in the US and Canada. Kinectify’s modern AML platform seamlessly integrates all of an organization’s data into a single view and workflow empowering gaming companies to efficiently manage risk across their enterprise.
“With Secureframe, you’re going to get your SOC 2 Type I and II audits done quickly, get great advice, and build trust with customers.”Mike Calvin, CTO, Kinectify
- Wanted to demonstrate commitment to security before bringing their first customer onto the platform.
- Processed large amounts of PII so needed SOC 2 reports to establish trust with customers.
- CTO had spent hundreds of hours of executive time getting ISO 27001 certification with another firm.
Secureframe provided Kinectify with:
- A SaaS platform that made the SOC 2 process easy and fast.
- Automated evidence gathering implemented through its integrations.
- Expert guidance from a member of the compliance team.
- A library of policy templates that have been vetted by former auditors.
- A connection to Prescient, an audit firm with deep expertise in the Secureframe platform.
- Went from kickoff to SOC 2 Type I in less than three months.
- Got SOC 2 Type II report in only two months.
- Saved time by offloading a lot of the back-and-forth evidence gathering to the platform.
- Low lift during the audit with the auditor doing 90% of their evidence gathering through Secureframe.
- Landed major contracts with the top 10 gaming companies.
Kinectify’s product processes large amounts of personally identifiable information (PII), so having both SOC 2 Type I and Type II reports was needed to build trust with customers
Kinectify, an anti-money laundering compliance platform for the gaming industry, was founded in 2020. Its platform was designed to process large amounts of PII data for enterprise-level businesses. To get ahead of compliance requirements and establish trust with customers, Kinectify’s CTO, Mike Calvin, wanted to demonstrate that they’re taking security seriously even before bringing their first customer onto the platform.
Having gone through the compliance process before with another firm, Mike expected that it would take about a year and hundreds of hours of executive time to get SOC 2 Type I and, ultimately, SOC 2 Type II compliant.
“In my previous experience, each executive on my team spent 30-40 hours a month over the course of a year to get compliant.”
Secureframe’s platform, especially the integrations and policy templates, combined with expert guidance from compliance experts, made the entire process fast and easy
Mike quickly learned that partnering with Secureframe drastically reduced the amount of time he and his team needed to spend getting SOC 2 compliant. Shortly after partnering with Secureframe, their assigned compliance expert kicked off the project and prepared Kinectify for the SOC 2 Type I audit readiness process.
Automated evidence collection was implemented through Secureframe’s integrations, and Mike’s team saved at least a quarter’s worth of work by leveraging Secureframe’s existing policy templates, which have all been vetted by former auditors.
“Secureframe has a great library of existing policies that we were able to build off of. That was a huge help and a real kick starter, saving at least a quarter’s worth of work by the CEO and CTO.”
Once the audit readiness report was complete, Kinectify used an auditor from Secureframe’s network to complete their SOC 2 Type I report. Due to the auditor’s familiarity with Secureframe’s platform, Kinectify was able to offload a majority of the back-and-forth and evidence gathering to the platform. This made getting SOC 2 Type I compliant much faster and easier than Mike expected.
“The SOC 2 Type I felt almost anti-climactic. We engaged the auditor, we didn’t talk to them for a couple of weeks, and then they were ready to write the report. The automated evidence collection really minimized the interaction we needed to have with our auditors."
Less than a year later, Kinectify was ready to get their SOC 2 Type II report. Leveraging their partnership with Secureframe, they were able to establish a relationship with a new audit firm, Prescient. Prescient’s experience and usage of Secureframe’s platform significantly minimized the back and forth between Mike’s team and the auditor.
“All in all, we probably spent less than 5 hours with them — outside of what we already allocated to keeping our readiness reports in check in Secureframe — to achieve Type II. It couldn’t have been a smoother process for us.”
Kinectify got their Type I report in less than three months and their Type II report in less than two months
Less than three months after kickoff with their Secureframe compliance expert, Kinectify had a SOC 2 Type I report in hand. Next June, they began their engagement with Prescient and got their SOC 2 Type II report by the end of July.
“We spent less time achieving SOC 2 type I and II with Secureframe and Prescient than I spent achieving type I with a previous organization.”
As a young company, having these reports were crucial to closing large deals quickly. With them, they could quickly prove their strong security posture and speed up sales cycles.
“We’ve landed major contracts with the top 10 gaming companies that would’ve still been in the vendor acceptance process if we didn’t have the SOC 2 in place.”
Having the SOC 2 reports is a differentiator for Kinectify among their competitors and has brought peace of mind to the executive team. By checking Secureframe’s Readiness Report on a consistent basis, Mike can verify their compliance posture and fix any issues that are flagged by the Secureframe platform.