Challenge

Since launching in the US in 2020, Fyle has significantly grown its customers and partner network.

The real ask for SOC 2 came from customers and partners. As IT expanded its operations and moved upmarket, Fyle increasingly came across enterprises and partners that preferred SOC 2 compliant technology providers.

“We realized that while data security has always been a top priority, getting 3rd party validation would position us better with large corporations and partners. Getting SOC 2 compliant seemed like the obvious next step for us,” adds Siva Narayanan, Co-founder & CTO at Fyle.

Going the Manual route

At first, Fyle tried partnering with a security consultant but soon ran into a host of challenges.

“We had a massive checklist and ensuring that it was maintained on a regular basis was a humongous task in itself. We were burdened with manual evidence collection, eating into hours of our time and effort. But what seemed less than ideal was that there was no guarantee that Fyle would stay compliant after 6 months!” explains Siva .

After many weeks into the manual process, Fyle was still lingering at gap analysis, making Siva question the way ahead. Having promised certain timelines to customers and partners, delaying SOC 2 compliance would subsequently derail growth and cost the company thousands of dollars.

Automation in, Manual out

Siva and his team started looking for compliance automation tools and discovered Sprinto.

The distinct and intentional focus on technology and automation as opposed to somebody having to manually go through checklists, appealed the most about Sprinto to Siva. It also eliminated his biggest fear of key compliance checks getting missed and gave him the confidence to partner with us.

Solution

Championing their ethos of putting customer security first, Fyle started their SOC 2 (Type 1) compliance process with a 10-day 1:1 onboarding session.

During these sessions, Sprinto’s compliance experts helped team Fyle with:

• Setting up Sprinto and getting the entire Fyle team to use it
• Downloading and using Dr. Sprinto (Sprinto’s inbuilt MDM tool)
• Choosing owners against responsibilities and checklists
• Completing information security training to learn about password management, best email practices, and how to avoid phishing scams
• Assessing security gaps and risks, and accepting policies essential for SOC 2
• Picking an auditor from Sprinto’s pre-vetted network

Results

Unlocking speed and seeing immediate results

Within three weeks, Fyle received their SOC 2 (Type 1) report, with near zero auditor interface.

“What I love about Sprinto is that it presents information and evidence the way an auditor expects to see it. Getting our SOC 2 – Type 1 compliance certification gives us a competitive advantage to work with larger enterprise organizations and partners. It also helps us build trust with our existing customers by showcasing our investment to achieve and maintain the highest level of security and compliance.” adds Siva.

Building for the future

Fyle is currently undergoing its SOC 2 Type 2 process with Sprinto. Siva and his team are anticipating a lot of growth this year and are excited about the opportunities that lie ahead.

Up next for Fyle is PCI DSS compliance. Since Sprinto is automatically monitoring Fyle’s checklists and entities, they are also over 60% audit ready for PCI-DSS. This not only helps with saving months of CTO bandwidth but also gives team Fyle a head start on their next compliance journey with the ability to scale across frameworks within days instead of months.

The team was burdened with massive spreadsheets, and manual evidence collection, and spent hours of back and forth with the auditor. 3 months into the engagement, we were still lingering at gap analysis.

Moving to Sprinto was our most rewarding decision. The team at Sprinto helped us get SOC 2 compliant much ahead of time as compared to our expectations. The attention to detail in the platform is remarkable, making it easy and enjoyable to use.

“The dashboard is great at pinpointing who needs to do what within the organization and proves to be effective in keeping us compliant,” adds Siva.