How Sprinto helped Dataplant leap towards SOC2 compliance with a pre-approved program

Launched in 2022, Dataplant is an AI-enabled customer success intelligence platform that analyzes a wide berth of customer data to autogenerate actionable insights for improving outcomes across the board.

SOC2

SOC2

Asia

6 weeks

Time to SOC2 readiness

3 weeks

Time to complete Type 1 audit

Ready to get started?
Challenge

Mithelesh Kumar, Co-founder and CTO of Dataplant, is working toward making analytics a superpower for customer success teams. “Generic advice is helpful, but not useful. We are building an analytics platform that looks at customer-specific data and curates insights to help CSMs make super strategic moves,” remarks Mithelesh.

Because data-based customization forms the backbone of their analytics platform, Mithelesh knew questions about information security are bound to arise. “We just did not realize these questions would come up this early on,” he exclaims.

“During our Beta phase, we had people who were keen on signing up as paying customers but were reluctant because we did not have security reports to show. It became mission-critical to fix our security and get compliant.”

Dataplant decided to get a SOC2 Type 1 report at the earliest. As for criteria,

  • Mithelesh preferred to work with a platform that came with plug-and-play capabilities. “I was aware and fairly comfortable dealing with technical aspects of SOC2, but matters of policy documentation and security training were not something I was cut out for,” he remarks.
  • Proof of success was important. Mithelesh sought recommendations from his peers and preferred to work with a platform that was tried and tested. “A fellow founder recommended Sprinto. They had the best things to say about it.”
  • Because they are an early-stage startup, cost was also a significant concern. “Every other platform we looked up would break the bank. Sprinto was the only one that matched our cost expectation.”
Solution

Dataplant partnered with Sprinto to get SOC2 compliant fast and leap towards a Type 1 audit to unblock stuck deals.

Sprinto integrated with Dataplant’s systems to monitor key controls across 3 Trust Service Criteria (TSCs). The platform was quick to pinpoint gaps and prompt corrective measures to ensure compliance.

“Whether it was a problem with personal repos, Github code, or hiccups in the general setup, Sprinto underlined security issues clearly and quickly,” notes Mithelesh.

Dataplant also made use of Sprinto’s policy templates and system descriptions to cover non-technical aspects of SOC2.

Creating 40-50 page policy documentation is tedious. With Sprinto, I did not have to start from scratch – the system generated useful templates that we could simply run with.

Results

Dataplant was SOC2 ready in under 6 weeks and completed the Type 1 audit 3 weeks later.

The startup, now out of its Beta phase, is ready to go commercial armed with its SOC2 report. “We have now made it publicly known that we are SOC2 compliant. And prospects who were waiting for this report have also been informed. We are excited about closing these deals,” mentions Mithelesh.

He also points out how Sprinto was able to accommodate Dataplant’s crude setup and carve a path to security.

The platform showed us the path we needed to follow. I was almost overlying at one point, but the journey fit the purpose.

“As a first-time founder, I did not realize the sheer number of things we needed to do to get compliant. Sprinto mentored us through it all,” calls out Mithelesh.

“The dashboard now gives us visibility into checks that are failing and passing, and when systems are syncing, and this tells me Sprinto is as much as an analytics platform, as it is a security monitoring tool,” he adds.

As a data scientist, Mithelesh knows the value of working with the right kind of data. “To drive business, you need to have the right KPIs, and to build the right KPIs, you need to look at the right data and analyze it for gaps and opportunities,” he says. “It was evident Sprinto works on the same principle”