How Rootly Got SOC 2 Ready In 2 Weeks With the Help of Secureframe’s Expert Support

Rootly helps companies resolve critical incidents faster in Slack. By automating manual admin tasks, it lets engineers focus on what they do best: putting out fires.


“If you’re new to SOC 2 and want someone that holds your hand from beginning to end, makes the process literally as easy as possible, and makes sure you never feel lost or confused, choose Secureframe. The product coupled with the service I got is unparalleled in this space. I’d pick Secureframe again.”

JJ Tang, Co-Founder, Rootly

Highlights


Challenges

  • Enterprise customer deals couldn’t be signed without SOC 2 report
  • Time pressure to get SOC 2 compliant quickly in order to close multiple 6-figure deals
  • Feeling stressed by the unknown and complex compliance process
  • Searching for the right expert to hold their hand through their first SOC 2 audit amongst multiple options

Solutions

Secureframe provided Rootly with:

  • Ability to achieve SOC 2 compliance in one easy-to-use platform 
  • End-to-end white glove service from dedicated customer success and compliance team to make the compliance process easy 
  • Support beyond the software checklist to make sure the audit itself went smoothly and to facilitate auditor questions and conversations
  • Robust software integrations that linked with existing tools to automate evidence collection
  • Personalized introductions to leading auditors in the space for SOC 2 audit

Results

  • Achieved SOC 2 report with zero issues or delays
  • Took just 2 weeks to get SOC 2 ready using in-house resources 
  • Saved hundreds of hours of engineering resources so team could focus on building the product
  • Unlocked multiple enterprise sales deals that were blocked due to security
  • Gained competitive advantage against competitors much larger than them due to being SOC 2 compliant

Challenges

Needing SOC 2 report quickly to unblock enterprise sales deals, but worried about first-time process

Rootly, an incident management platform, found itself in the midst of multiple large sales deals. Unfortunately, all of these prospective customers required a SOC 2 report before signing on. Filling out long, repetitive security questionnaires was not an effective use of time, so Rootly decided to pursue SOC 2.

Like many companies, Rootly quickly learned that the process of getting SOC 2 compliant would take hundreds of hours of manual work. Doing SOC 2 by themselves wasn’t an option.


“We’re a small team. We just didn’t have the time or resources to get SOC 2 ready while building our product and growing our company at the same time,” says JJ Tang, Co-Founder at Rootly.

That’s when JJ began looking for software solutions to help streamline the process. In his search, JJ began evaluating multiple companies such as Secureframe, Vanta, and Laika. He wanted to make sure that the solution helped automate most of the process.

But more importantly, given this was Rootly’s first time going through SOC 2, JJ wanted to make sure that he was working with knowledgeable experts that could hold his team’s hand through the entire process and provide exceptional service beyond the platform checklist to the actual audit itself.


“I wanted a robust product that would get us compliant fast, yes. But it was more important for me to work with knowledgeable experts who’d help with every step, including during the audit itself. I wanted them to be able to work in the background, remove any confusion, and do the heavy lifting, so I could focus on growing my company and not think about the compliance process.”

Solutions

Secureframe’s robust platform and hands-on support from compliance experts set them apart from competitors and enabled seamless SOC 2 compliance

JJ scheduled demos with multiple companies in the space, including Secureframe, Vanta, and Laika. After completing the demos, JJ realized that while each company offered a strong platform to help automate much of the evidence collection process, Secureframe went a step further by providing dedicated white glove support from ex-auditors who would stand by him during the audit itself.


“From the demos, it was clear to me that Secureframe’s dedicated compliance team would go above and beyond, hold my hand through the entire process and make SOC 2 compliance feel like less of a black box.”


“They provided shared Slack channels for questions, multiple compliance experts supporting my account, and the team wouldn’t step away once they deemed us ‘audit-ready’. They’d actually be with me during the audit, help translate ‘auditor speak’, and advocate for me if my auditor was making requests I didn’t know how to handle. It made me feel a lot more confident choosing them.”

JJ also liked the strong auditor relationships Secureframe had. He could tell that they didn’t try to work with everyone, but rather, the best in the industry who’d provide a strong customer experience and make the audit process as painless as possible. 

Given the strength of Secureframe’s platform and 100+ integrations, its strong auditor relationships, and end-to-end white glove support that went beyond what he had seen from other companies, JJ decided to work with Secureframe.

Once onboarded, Secureframe created a thorough checklist of all the required steps and documentation Rootly needed and what evidence they needed to provide to meet SOC 2 requirements. Secureframe was able to automate most of the evidence collection process through its 100+ integrations. 


“The integrations were easy to set up. Once connected, it pulled everything that was required, which saved my team a lot of time and manual effort. We didn’t need to supplement the data with much else. The integrations were very rich.”

Given this was Rootly’s first SOC 2, their team naturally had a lot of questions and needed reliable support. Secureframe’s customer success and compliance team was always there, answering questions typically in less than a day via Slack or check-in calls, providing tailored advice and recommendations, and keeping Rootly on track to meet their tight deadline to get their SOC 2 report. 


“The support was super responsive. We had an urgency to get answers quickly and always got it. I remember asking Secureframe about how to talk to prospects about security questionnaires and how to best position ourselves, and got answers immediately. I also liked that the compliance experts didn’t just give me generic answers. They took it a step further by educating me on why something was important, and why we should do one thing over another.”

Rootly was able to get audit-ready in weeks with Secureframe’s support. But the support didn’t end there. When Rootly was going through the audit itself, Secureframe’s team was there, and actually helped clarify some auditor requests for more evidence and pushed back.


“I remember being on an auditor call and we were asked to provide additional evidence. Secureframe’s team pushed back on the auditor and got them to retract their request while making sure our requirements were met. That’s the extra level of support you don’t get from just using a piece of software.”

With Secureframe’s deep expertise, support and guidance, Rootly received their SOC 2 report without any issues or delays, meeting their tight deadline. 

Results

Hundreds of hours saved, SOC 2 report achieved without delays, and enterprise sales cycles unblocked

Rootly saved hundreds of hours of manual work for their team by working with Secureframe to get SOC 2 ready and get their report.


“Secureframe allowed us to get SOC 2 compliant as fast as humanly possible without cutting corners. They saved us hundreds of hours and made sure the process was as easy as possible with their expert support. We could focus on sales while Secureframe handled our compliance.”

Getting SOC 2 ready can often take months. Rootly was able to get SOC 2 ready within just 2 weeks. 

Another huge benefit was unblocking multiple enterprise deals Rootly had in the pipeline.


“We were in the middle of multiple negotiations with larger companies. Having SOC 2 meant security was no longer an issue, and our deals could keep progressing. We often get asked about security early in the deal process so having SOC 2 meant we were never screened out.”

Finally, despite being a young company, SOC 2 gave Rootly a huge competitive advantage against larger competitors who aren’t SOC 2 compliant yet. 


“Having the report in hand lends us a lot of credibility. I know a lot of larger companies in our space that are nowhere close to SOC 2 ready. It’s given us a huge competitive edge.”

With their SOC 2 report in hand and Secureframe continuously monitoring their state of compliance for the future, Rootly can focus on growing their business without worrying about falling out of compliance in either the short term or the long term.
