Great way to simplify SOC2 compliance and tracking
What do you like best about the product?
It was extremely simple to get started, and they have everything we needed to get SOC2 compliant and maintain monitoring without having to go through a lengthy process. For a startup where SOC2 is important, but our team doesn't have budget for a dedicated security and compliance team, it was great. The integrations with the 3rd party applications for ongoing monitoring were great, and the continuous compliance checklist is helpful as well. Implementation was easy, and provided policy docs helped us have a great starting point. They also had a great customer success team to help us get things going, and partners for low cost, but reputable, audits and penetration tests. We have used it for SOC2 type 1 and type 2.
What do you dislike about the product?
The device management and asset tracking could be better, but seems to be improving. I also wish the tasks for team members for ongoing activities like yearly security trainings, device management, etc. would be more clear. Last, adding HIPPA compliance checklists without a significant additional cost or separate process would be nice.
What problems is the product solving and how is that benefiting you?
Simplifying SOC2 compliance so that a startup can maintain SOC2 compliance, maintain evidence for monitoring periods, etc. wihtout a large security team or overly difficult process.
There are no comments to display