How a Two-Person AI Startup Achieved SOC 2 Compliance and Unblocked Enterprise Deals with Secureframe

My AskAI is an AI customer service agent for SaaS, eCommerce and marketplace businesses that can be built in minutes and added to your existing helpdesk, saving you time on support requests so you can spend more time with your customers.

“For a number of businesses we’d spoken to previously, they’d like the product but wouldn’t even let us get a foot in the door because we didn’t have a SOC 2 report. Now we know that the only thing that’s gonna stop us winning business is down to the quality of the products—that’s quite promising for us.”

Mike Heap, Co-founder, My AskAI

Highlights

Challenges

  • Moving upmarket triggered bespoke security questionnaires that required significant time and resources from the two-person team.
  • Several enterprise deals stalled without a SOC 2 report.
  • There was a clear market signal when ~10 customers explicitly requested SOC 2, confirming it as a top priority.
  • Needed a highly automated, integrated, and tech-first solution to simplify the process for two founders without prior security audit experience.
  • Considered Vanta and Sprinto but chose Secureframe for its integrations, people, and pricing.

Solutions

  • Secureframe’s intuitive platform and deep integrations helped the team move quickly and see immediate progress.
  • Built-in templates for policies, vendor questionnaires, and other guidance further simplified SOC 2 readiness.
  • Dedicated account manager provided proactive, responsive support that was highly valuable for two people new to SOC 2.
  • Expert, pragmatic guidance from both the Secureframe team and their audit partner, Zero Day, ensured the process fit the startup’s size and needs.

Results

  • Achieved SOC 2 readiness with only 2–3 weeks of focused, hands-on work.
  • Completing the audit kept the door open with several enterprise prospects, even before the report was in hand.
  • Removed the “no SOC 2, no deal” blocker, unlocking new proposal opportunities where product quality will be the deciding factor.
  • SOC 2 preparation formalized internal security processes, improving their operational maturity.
  • Have confidence and peace of mind that they’ll be prepared for future SOC 2 audits and ready for additional frameworks like ISO 27001.

Challenges

As My AskAI began landing larger customers, bespoke security questionnaires and SOC 2 became a recurring blocker.

My AskAI is an AI customer service agent that can plug into companies’ existing helpdesk and be trained on their own content from a knowledge base, help center, back-end data, and more. 

Over two and a half years, My AskAI’s two-person team started to get more interest from bigger businesses. With many of these enterprise prospects came bespoke security questionnaires that were tedious and time-consuming to fill out. With others, a questionnaire wasn’t enough and the deal came to a hard stop without a SOC 2 report.

“Most of our business now comes from enterprise customers and sometimes it was a complete no-go if we didn’t have SOC 2,” says Mike Heap, co-founder of My AskAI. “We basically kept a list of everyone who was asking for it, and once we hit 10, we thought this is a clear sign that we should try to get our SOC 2 report as soon as possible.”

In addition to this mounting pressure from enterprise customers, Mike and his co-founder Alex Rainey thought getting this report would be a good opportunity to formalize their existing processes. 

“We were getting to a size where our processes were pretty robust,” Mike says. “We had put a lot of work into making things more secure, more reliable, and scalable, and so that was another reason we thought it'd be a good time to try to get SOC 2.”

After seeing other entrepreneurs and tech people announce they got SOC 2 compliance with an automation platform, My AskAI began evaluating several options including Vanta, Sprinto, and Secureframe. Quickly, Secureframe emerged as the best fit.

“Secureframe kind of felt like the ‘just right’ option of the three we looked at,” Mike says. “It was a good, reputable platform with professional people and an affordable price.”

Solutions

Secureframe delivered deep integrations, hands-on support from experts and auditors, and templates that accelerated audit readiness for My AskAI’s two-person team.

For a lean startup that automates almost everything, integrations were non-negotiable when picking an automation solution.

“We automate almost all of our processes. That’s how we’re able to operate as a two-person business, and so we wanted something that was tech-first and highly integrated,” Mike explains.

Secureframe’s ability to support their Bubble-based product and connect directly to critical systems and tools allowed the team to see results right away. 

“It was easy to get started immediately,” Mike says. “We were able to link up a number of systems, which made it feel like we started to make some progress from day one.”

Policy templates and in-platform guidance were equally valuable throughout onboarding and the audit readiness process—especially since it was their first time pursuing SOC 2.

“Having all the guidance written already, templates for policies, questionnaires for vendors, and things like that just guided us through the process,” Mike says. “Even though we don’t have a security audit background, we were able to quickly figure out what we needed to do and identify gaps in our processes that we needed to fill.”

They also benefited from expert guidance and proactive support from the Secureframe team, both in and out of the platform. 

“We were able to speak to our account manager regularly, which was very valuable. Gerald would check in from time to time and he was also very responsive when we had questions,” Mike explains. “He would jump into our account and tell us what we needed to do or what he’d seen work in other places that were smaller businesses as well.”

This dependable, ongoing support made a major difference for My AskAI’s small, fast-moving team.

“Just knowing that someone has got an answer, or will find you an answer to any of the things that you can’t figure out—that was very valuable,” he says.

Being introduced to a trusted audit partner streamlined the final mile of the readiness process. Based on Secureframe’s recommendation, My AskAI partnered with Zero Day, and the kickoff call made an impact right away.

“They were very helpful and pragmatic. They gave us some advice and tips on some additional tests we might want to put in scope to make our lives easier, and they also explained how other smaller businesses met some of the requirements that can be a bit more onerous,” Mike recalls. “There is a big difference between a thousand-person company going for a SOC 2 versus a two-person company and so having an auditor that was mindful of that was useful.”

Results

My AskAI got SOC 2 ready in weeks, strengthening their organizational maturity and improving trust and sales cycles with their enterprise prospects.

Once My AskAI was able to put their heads down and focus on execution, they got audit-ready in just a few weeks.

“As soon as we were able to really focus on it, it probably only took two to three weeks of hands-on actual time to make sure everything was in place, get our documentation ready, and get our evidence,” Mike says. 

Even before they had their SOC 2 report in hand, they saw an improvement in their sales pipeline. 

“There'd been a few recent prospects asking about SOC 2, and because we were able to say we completed our audit already, that managed to stop having the door closed and keep the conversation open with them,” Mike explains.

With the report in hand, My AskAI plans to re-engage all prospects who had requested SOC 2 and display their compliance status on their website to signal maturity and trust.

“It’s a sign of a more legitimate business in some way because you don’t get a lot of small businesses that go through the process,” he says. “Especially given that there’s so many AI tools out there, it’s a good kind of filtering mechanism for some people.”

Moving forward, My AskAI expects to be involved in a lot more proposal processes where they were previously discounted.

“For a number of businesses we’d spoken to previously, they’d like the product but wouldn’t even let us get a foot in the door because we didn’t have that SOC 2 report,” Mike says. “Now we know that the only thing that’s gonna stop us winning business is down to the quality of the products—that’s quite promising for us.”

Aside from the anticipated impact on sales and revenue, the SOC 2 process has already leveled up the company’s operational rigor.

“Going through the process just helped us grow up as a business a bit more,” Mike reflects. “Reading these policies, going into our audit window, a lot of it forced us to be more professional about how we do things.”

Looking ahead, the My AskAI team has peace of mind knowing they’re set up to maintain compliance year-round with Secureframe.

“In the platform, we set schedules for all of our different tests and evidence collections so we’ll get reminders when we need to add things in or when we’re overdue,” Mike explains. “This ensures that we’re going to be compliant come the next audit cycle.”

In addition to thinking ahead to the next SOC 2 audit, the team is already considering expanding their compliance program. 

“There’s a lot of overlap with SOC 2 and ISO 27001, as you can see in the platform,” Mike says. “Assuming that we’re able to close some new business through our SOC 2 report, it’s almost a no-brainer to add on ISO afterwards.”

After seeing firsthand how smooth the process was, Mike now recommends Secureframe to other startups aiming for enterprise-grade security.

“Secureframe has great people to work with and it’s a solid platform that’s going to ensure that you can get your SOC 2 in an efficient time,” he says. “It’s just a slick way to get compliant.”
