How Osmos Decreased Time to Compliance and Improved Their Security Posture with Secureframe

Osmos helps companies scale their customer data ingestion with an AI-powered data transformation engine that automatically cleans data, formats it, and gets it where it needs to go, complete with self-serve and automated solutions. Learn more at osmos.


“Secureframe made it possible for one of two co-founders of a fast-growing startup to take SOC 2 compliance to completion. Without Secureframe, it would have taken another six to eight months, with one person full-time, to make it happen."

Kirat Pandya, CEO and Technical Co-Founder, Osmos 




  • SOC 2 compliance is critical for Osmos’s data-centric business model.
  • Many data entry points and complex infrastructure required custom integrations. 
  • Fast-growth startup with a lean team needed an automated solution.


Secureframe supported Osmos with: 

  • The ability to build new custom integrations quickly. 
  • Automated flows to collect evidence and monitor and maintain compliance over time. 
  • A 360-degree solution offering full privacy and security support.


  • Decreased time to compliance by at least eight months while allowing co-founder to focus on growing the business.
  • Proven compliance that built confidence and closed deals with prospects. 
  • Improved overall security posture.


As a data ingestion platform, Osmos required SOC 2 to prove its data security—and due to its unique architecture, the company needed a solution that offered easy automation and integrations with their complex landscape of data services

Osmos is in the business of data. The platform ingests millions of data points from hundreds of types of infrastructure and services.

Osmos knew they couldn’t close deals without compliance.


Customers put all sorts of very sensitive data through our systems,” says Pandya.  “Every mid- to large-size customer asks you for compliance. The truth of the matter is the market demands proof of compliance, and if you don't have it, you're not going to close deals. We wouldn’t be able to continue to grow as a business.”

Despite the importance of compliance, managing the process internally was not feasible for the organization. Pandya knew it would take too long given their complex system, which has many different and evolving points of data entry.


“Just collecting an inventory of systems would take us three days of screenshots in GCP to do it, to give it to the auditor,” he says. 

So, as they set out to achieve SOC 2 Type I, Osmos began to search for the right partner. 


Secureframe’s automated processes and partnership in quickly building new integrations made the platform a perfect fit for Osmos’s SOC 2 Type I and Type II compliance

After being introduced to Secureframe, Pandya felt the platform’s automated approach and rapid development style had the potential to be a strong fit for their needs.


“Our larger customers have a hundred-plus SaaS systems deployed in their infrastructure,” he says. “As Osmos grows, I need to pick the tool that will talk to as many of my SaaS systems as possible. One of Secureframe’s value props was automated evidence collection. They have a clearly evidenced ability to move quickly on making more integrations, with connectors that talk to all the tools that we use. This gave me confidence and was a significant point in picking them.”

Osmos worked with Secureframe on both SOC 2 Type I and Type II. Pandya appreciated its automated platform that didn’t require daily maintenance.


“The greatest compliment I can give Secureframe, as a fast-growing startup, is that their solution works in the background. It solves the problem, and I can mentally move on.”

Secureframe offered value to Osmos beyond automation:

  • A 360-degree solution: According to Pandya, Secureframe is the “the full package” that supports data gathering, project management, security training, and ongoing maintenance. 
  • Advisory partner: Secureframe also gave recommendations on Osmos’ security tools: “They pointed us to a product for MDM infrastructure which turned out to be very flexible and powerful,” says Pandya. “We came out with a much better security posture.”
  • Customer service: There was full investment in making Osmos’s compliance successful. "We were under time pressure for our SOC Type I and Type II, and Secureframe came into play fast and helped us get across the finish line.”


Secureframe saved the Osmos team six to eight months of compliance work while delivering on best-in-class security that helps them stay competitive in the marketplace

Given the immensity of his company’s data ingestion, Pandya recognizes the considerable time savings that Secureframe provided during Osmos’s compliance journey.


“We wouldn’t have gotten to SOC 2 at the point we did without the evidence collection and heavy lifting that Secureframe did for us. It would have taken another six to eight months, with one person full-time, to make it happen. If I'd done it myself, I would probably still be waiting to get compliant.”

Having Secureframe’s support allowed his team to focus on other things and continue to innovate on their own product. Pandya believes Secureframe has helped do this for the industry as a whole. 


“If Secureframe hadn't existed, our competitors, our peer startups, would also all have been struggling. An entire class of enterprise software would've been delayed multiple cycles without this class of technology.”