Case Studies

Threat Stack SOC 2 Case Study v2

Issue link: https://resources.threatstack.com/i/956403


Achieving SOC 2 is something that almost every SaaS company has gone through, is going through, or is planning to go through. Threat Stack completed its Type 2 SOC 2 examination with zero exceptions listed, building on an already strong security posture across every team in the organization and proving our rigorous standards to the market. To get the most out of this project, we made SOC 2 work for us — designing updated processes and tools the Threat Stack way.

Getting Started

Our preparation for SOC 2 started with a simple decision — to show continuous compliance over an extended period of time with Type 2 SOC 2 rather than point-in-time compliance through Type 1. A key element in achieving Type 2 successfully was clear communication of what was expected of each team as we planned to evaluate, strengthen, and streamline internal processes, especially those with direct access to the platform's backend infrastructure.

While the engineering team was initially concerned that small errors might jeopardize the SOC examination, management emphasized that mistakes are a natural part of the process, as long as they are acknowledged, communicated to the right people, and resolved as quickly as possible in a systematic, disciplined manner. The "let me just fix this quickly on the fly" mentality would no longer be acceptable.

This thinking brought about the first important process change at Threat Stack. To keep operating at the speed of business, Threat Stack would need to incorporate certain new processes, and the teams involved would need to understand the business goals behind the changes the project introduced. "If you just tell people 'don't do work without a ticket,' they're going to ignore you," explained Pete Cheslock, Senior Director of Operations, "but if you tie the request to a greater business goal, they understand."
Retooling Internal Processes

Because we're a security company that helps customers pass their SOC 2 exams with greater speed and confidence, our security team was able to leverage tools we already had to meet many of the auditors' initial

Built for Success: How Threat Stack Achieved SOC 2 With Zero Exceptions

Founded: 2012
Headquarters: Boston, MA
Industry: Cloud Security
Customers: 450+
