Driving Trust with Compliance: How Kin Analytics got SOC 2 compliant to win client trust
US-based Kin Analytics specializes in getting data to work for organizations. The analytics firm enhances decision-making by unlocking the full potential of data using AI-driven analytical models. Working closely with soccer clubs, national sports federations, leasing companies, and major banks and retailers across 4 continents, Kin Analytics is committed to empowering clients with critical, actionable insights and to being a reliable partner that they can trust with their data.

SOC 2
USA
2 months: time to SOC 2 compliance
3 days: to complete SOC 2 Type 1 audit
Improved responses to security incidents

Key requirements
A hands-on compliance ally to get the company SOC 2 compliant within a tight deadline and help formalize compliance practices to build client trust
Sprinto solution
Expert-guided SOC 2 implementation using a pre-built SOC 2 security program, supported by out-of-the-box policies, training modules, and asset-management workflows, and powered by automation
Challenge: Translating trust into stronger partnerships
“Infosec officer is just a part-time job for me here,” laughs Rafael Urgilés, Chief IT-S Consultant at Kin Analytics. “I’m also an account and project manager for the enterprise division,” he adds. Rafael wears many hats at Kin Analytics, and given his extensive IT background, he took on the mandate to drive SOC 2 compliance and establish the security practices required to turn one-off engagements into lasting partnerships built on trust.
A significant portion of the Kin team’s day-to-day involves dealing with security requests from a diverse clientele. From tracking player performance for the Brazilian Football Confederation to helping American leasing companies calculate risk for new products, Kin runs analytics for a broad range of segments and industries, making a well-structured security program a key requirement for the company.
“When anyone wants to share information with us, all the department heads at Kin come together to define the most secure approach – we propose ideas, poke holes, and collaboratively arrive at the best solution.”
Kin Analytics places the utmost importance on the security of its clients’ assets as well as its own systems and processes, given that it works extensively with large, often sensitive datasets to develop analytical models.
The need for SOC 2 arose as a proxy for trust. Initially, Rafael was a little taken aback when a couple of North American clients asked for SOC 2 certification – Kin Analytics isn’t a product firm and the only technical assets they needed cover for were the cloud providers on which they stored and processed client data.
“Our clients want to know that any information they share with us is secure.”
Previously, Kin Analytics would entertain security due diligence requests on an as-and-when basis, an activity that lacked structure and eloquence. The organization wanted to formalize and streamline this process while securing cloud assets.
Since the lack of a SOC 2 audit report became a blocker for engaging up-market clients in the US, Rafael received a short six-week timeline to get SOC 2 audited and subsequently began evaluating compliance tools. Trust being a central axiom at Kin Analytics, he was keen on bringing in the experts to help guarantee a SOC 2 attestation for the company.
I think I got lucky in finding Sprinto. They’ve been a true partner in our journey.
Solution: Securing trust and instilling best practices
After working with a Sprinto CSM to lay out a roadmap for SOC 2 certification, Kin Analytics started off its SOC 2 journey by seamlessly integrating Sprinto into its stack.
Sprinto’s expert-led, time-bound, guided approach to program implementation ensured total alignment with defined timelines and helped Kin Analytics stay the course throughout its SOC 2 journey.
Sprinto’s best assets are the people. They were very patient with us.
Cloud accounts were brought onto the platform via workspace integrations, cloud infrastructure providers were mapped to SOC 2-aligned controls, and the platform began running automated tests to validate these controls. Immediately following this exercise, Rafael was able to view the progress toward SOC 2 on Sprinto’s consolidated dashboard, along with assets, controls, and their status.
Having the big picture of all your resources is eye-opening. I thought we were doing fine, but we definitely could be doing better.
Sprinto’s pre-built policies library and training modules were instrumental in helping Kin Analytics close the compliance loop without too much time and effort. Policy templates could be configured and sent to employees directly from the platform with capabilities to track policy acknowledgments in real time and send reminders for pending work.
Dr. Sprinto – Sprinto’s integrated device management system – along with policies and staff training exercises, played a major role in aligning both technical and tactical assets at Kin Analytics, instilling compliance best practices across the board.
Once Kin Analytics had its integrations, policies, and assets set up on Sprinto, everything else fell into place. The organization gained visibility into security gaps, pending tasks, check performance, and how to fix failing controls in time.
As a result, Kin Analytics went from 65% audit-ready on Sprinto’s dashboard to around 90% within a week.
With just a couple of clicks, you’re connected to all your cloud providers, security and vulnerability scanners, and internal communications tools – everything is out-of-the-box
Results: SOC 2 certification and a compliance-first culture
Managing compliances on Sprinto helped Kin Analytics speed through their SOC 2 Type 1 audit.
“I can’t believe how fast our audit was,” exclaims Rafael.
After finalizing an auditor from among five options provided by Sprinto, Kin Analytics was presented with a timeline of 3 weeks for completing the audit. This turned out to be an overestimate.
“We onboarded our auditor to Sprinto on Wednesday, and the same Friday I received a message from them asking for access to some documents. We gave them access and by Saturday the auditor said that we’re done,” he recalls.
Apart from the feat of clearing a SOC 2 Type 1 audit in 3 days, Sprinto’s consolidated dashboard has also been a source of confidence for Rafael when facing fresh audits.
“For our SOC 2 Type 2 audit, the auditor said that as long as we don’t go below 95% on the dashboard, we’re good. And they were right, we passed the audit with flying colors!”
With compliances streamlined on Sprinto, Kin Analytics has seen a culture shift.
Sometimes you think you’re doing things the best way, but working with experts shows you where there is room for improvement.
The security best practices instilled at Kin Analytics as a result of compliance-aligned policies, security training, and continuous control monitoring have helped the company operate with a renewed sense of security.
Rafael gives an example to illustrate – “One of our consultants in Peru had his laptop stolen. When I heard about it, I just thought, ‘This is why we’re doing this.’ Sprinto gave us a comprehensive view of the compliance status of all our systems, so we could rest assured that security standards were maintained for every device and internal policies were being followed. We’re seeing the value of having this platform onboard.”
Coming back full circle, Kin Analytics has been able to build trust externally with clients and secure practices internally by aligning with SOC 2 standards, maintained and monitored over Sprinto.
Trust is both the crux of transactions at Kin Analytics and a lever to help build multi-year engagements. Sprinto enabled Kin Analytics to ingrain and prove trustworthy practices, so they could bank on the trust they had built and cultivate it to win big.
It’s important to get your house in order first before heading out, and that’s what Sprinto helped us do.

