Driving Trust with Compliance: How Kin Analytics got SOC 2 compliant to win client trust
US-based Kin Analytics specializes in getting data to work for organizations. The analytics firm enhances decision-making by unlocking the full potential of data using AI-driven analytical models. Working closely with soccer clubs, national sports federations, leasing companies, and major banks and retailers across 4 continents, Kin Analytics is committed to empowering clients with critical, actionable insights and to being a reliable partner that they can trust with their data.
Key requirements
A hands-on compliance ally to get the company SOC 2 compliant within a tight deadline and help formalize compliance practices to build client trust
Sprinto solution
Expert-guided SOC 2 implementation using a pre-built SOC 2 security program, supported by out-of-the-box policies, training modules, and asset-management workflows, and powered by automation
SOC 2
USA
2 months: time to SOC 2 compliance
3 days: to complete SOC 2 Type 1 audit
Improved responses to security incidents
Challenge: Translating trust into stronger partnerships
“Infosec officer is just a part-time job for me here,” laughs Rafael Urgilés, Chief IT-S Consultant at Kin Analytics. “I’m also an account and project manager for the enterprise division,” he adds. Rafael wears many hats at Kin Analytics, and given his extensive IT background, he took on the mandate to drive SOC 2 compliance and establish the security practices required to turn one-off engagements into lasting partnerships built on trust.
A significant portion of the Kin team’s day-to-day involves dealing with security requests from a diverse clientele. From tracking player performance for the Brazilian Football Confederation to helping American leasing companies calculate risk for new products, Kin runs analytics for a broad range of segments and industries, making a well-structured security program a key requirement for the company.
“When anyone wants to share information with us, all the department heads at Kin come together to define the most secure approach—we propose ideas, poke holes, and collaboratively arrive at the best solution.”
Kin Analytics places the utmost importance on the security of its clients’ assets as well as its own systems and processes, given that it works extensively with large, often sensitive datasets to develop analytical models.
The need for SOC 2 arose as a proxy for trust. Initially, Rafael was a little taken aback when a couple of North American clients asked for SOC 2 certification – Kin Analytics isn’t a product firm, and the only technical assets they needed coverage for were the cloud providers on which they stored and processed client data.
“Our clients want to know that any information they share with us is secure.”
Previously, Kin Analytics would entertain security due diligence requests on an as-and-when basis, an activity that lacked structure and eloquence. The organization wanted to formalize and streamline this process while securing cloud assets.
Since the lack of a SOC 2 audit report became a blocker for engaging up-market clients in the US, Rafael received a short six-week timeline to get SOC 2 audited and subsequently began evaluating compliance tools. Trust being a central axiom at Kin Analytics, he was keen on bringing in the experts to help guarantee a SOC 2 attestation for the company.
“I think I got lucky in finding Sprinto. They’ve been a true partner in our journey.”
Solution: Securing trust and instilling best practices
After working with a Sprinto CSM to lay out a roadmap for SOC 2 certification, Kin Analytics started off its SOC 2 journey by seamlessly integrating Sprinto into its stack.
Sprinto’s expert-led, time-bound, guided approach to program implementation ensured total alignment with defined timelines and helped Kin Analytics stay the course throughout its SOC 2 journey.
“Sprinto’s best assets are the people. They were very patient with us.”
Cloud accounts were brought onto the platform via workspace integrations, cloud infrastructure providers were mapped to SOC 2-aligned controls, and the platform began running automated tests to validate these controls. Immediately following this exercise, Rafael was able to view the progress toward SOC 2 on Sprinto’s consolidated dashboard, along with assets, controls, and their status.
“Having the big picture of all your resources is eye-opening. I thought we were doing fine, but we definitely could be doing better.”
Sprinto’s pre-built policies library and training modules were instrumental in helping Kin Analytics close the compliance loop without too much time and effort. Policy templates could be configured and sent to employees directly from the platform with capabilities to track policy acknowledgments in real time and send reminders for pending work.
Dr. Sprinto – Sprinto’s integrated device management system – along with policies and staff training exercises, played a major role in aligning both technical and tactical assets at Kin Analytics, instilling compliance best practices across the board.
Once Kin Analytics had its integrations, policies, and assets set up on Sprinto, everything else fell into place. The organization gained visibility into security gaps, pending tasks, check performance, and how to fix failing controls in time.
As a result, Kin Analytics went from 65% audit-ready on Sprinto’s dashboard to around 90% within a week.
“With just a couple of clicks, you’re connected to all your cloud providers, security and vulnerability scanners, and internal communications tools—everything is out-of-the-box.”
Results: SOC 2 certification and a compliance-first culture
Managing compliance on Sprinto helped Kin Analytics speed through their SOC 2 Type 1 audit.
“I can’t believe how fast our audit was,” exclaims Rafael.
After finalizing an auditor from among five options provided by Sprinto, Kin Analytics was presented with a timeline of 3 weeks for completing the audit. This turned out to be an overestimate.
“We onboarded our auditor to Sprinto on Wednesday, and the same Friday I received a message from them asking for access to some documents. We gave them access and by Saturday the auditor said that we’re done,” he recalls.
Apart from the feat of clearing a SOC 2 Type 1 audit in 3 days, Sprinto’s consolidated dashboard has also been a source of confidence for Rafael when facing fresh audits.
“For our SOC 2 Type 2 audit, the auditor said that as long as we don’t go below 95% on the dashboard, we’re good. And they were right, we passed the audit with flying colors!”
With compliance streamlined on Sprinto, Kin Analytics has seen a culture shift.
“Sometimes you think you’re doing things the best way, but working with experts shows you where there is room for improvement.”
The security best practices instilled at Kin Analytics as a result of compliance-aligned policies, security training, and continuous control monitoring have helped the company operate with a renewed sense of security.
Rafael gives an example to illustrate – “One of our consultants in Peru had his laptop stolen. When I heard about it, I just thought, ‘This is why we’re doing this.’ Sprinto gave us a comprehensive view of the compliance status of all our systems, so we could rest assured that security standards were maintained for every device and internal policies were being followed. We’re seeing the value of having this platform onboard.”
Coming back full circle, Kin Analytics has been able to build trust externally with clients and secure practices internally by aligning with SOC 2 standards, maintained and monitored over Sprinto.
Trust is both the crux of transactions at Kin Analytics and a lever to help build multi-year engagements. Sprinto enabled Kin Analytics to ingrain and prove trustworthy practices, so they could bank on the trust they had built and cultivate it to win big.
“It’s important to get your house in order first before heading out, and that’s what Sprinto helped us do.”