How Sprinto helped Kodif step up towards enterprise-readiness with compliance
Founded in 2021, US-based Kodif is a low-code platform for scalable CX automations. Applied, the platform allows brands to roll out efficient, delightful self-serve experiences without leaning on an army of engineers.
SOC2 Type 2
HIPAA
USA
<20%
Marginal effort to layer on compliances
1 hour/week
Time spent on compliance tasks
100%
Improvement in overall enterprise readiness
Ready to get started?
Challenge
As an AI and ML-enabled platform, Kodif recognizes that its value is best realized by brands of a bigger size and scale. “AI engines perform better with lots of data. Typically, mid-sized and large companies sit on a mountain of customer data. And we knew early on these businesses are likely to benefit most from using the platform, in terms of efficiency gains” notes Norm Usenkanov, CTO at Kodif.
To prime themselves for mid-market and enterprise success, Kodif decided to buff up the platform by aligning it to security compliances. “Early signals confirmed that to land a conversation with a large company, we need to prove compliance,” claims Norm. “Big companies need assurances,” he adds.
To satisfy this sales motion, Kodif decided to pursue SOC2 and HIPAA compliances. “We saw some interest from healthcare-related companies but these would only share information once we were HIPAA compliant and could lawfully sign a Business Associate Contract (BAC) with them,” notes Norm.
Having dealt with compliance in his last role, Norm knew firsthand how complicated things could get. “We wanted to get it over with – we were small and figured we could handle the load better now than later,” he remarks.
Expertise and responsiveness were key criteria for Norm to choose a compliance solutions partner. “We wanted someone who could come in with both technical and human expertise,” he notes.
When referred by a peer, Norm explored Sprinto. “Technically, Sprinto felt on par with others. But what we liked most was the assurance of one-on-one support,” remembers Norm.
With compliance, there’s a lot to do. That’s what’s problematic. And with limited time and resources, it can feel like a lot of work. We wanted someone to handhold us and take us through the process. We needed good support. Sprinto met that mark.
Solution
Kodif integrated with Sprinto and got started with the SOC2 Type 2 compliance program. Deployed, Sprinto pulled control information from Kodif’s systems to be mapped to SOC2 checks. On Kodfi’s part, Norm, along with a member from DevOps and engineering pulled their weight to fill the gaps identified by Sprinto. “Sprinto called out deficiencies and we would move to resolve them – from encrypting databases to deploying dependabot in GitHub. We spent about an hour a week completing such tasks,” notes Norm.
Once SOC2 implementation was completed, Kodif moved toward enforcing HIPAA controls. Because SOC2 controls significantly overlap with HIPAA’s, the marginal effort on Kodif’s part was less than 20%.
With HIPAA, Sprinto really helped us understand the law and navigate its requirements.
Results
Kodif completed Type 2 implementation in a month and went into observation for roughly 4 months. They received their SOC2 Type report 4 weeks after.
Implementation of HIPAA controls was organized and completed along with SOC2. Kodif’s HIPAA audit was completed in 3 weeks following evidence collection and they received their HIPAA certificate along with their SOC2 report.
Since achieving compliance, Kodif is no longer on its heels trying to figure out how to respond to enterprises. “Armed with compliance reports, we feel more confident entering into conversations with large companies,” notes Norm.
Putting advantage on their side, Kodif has since unblocked a deal with a healthcare prospect that required them to be HIPAA compliant for scoping and solutioning. Besides, their sales and marketing teams have gone on to adopt the SOC2 report to demonstrate product maturity and generate interest and demand for the platform.
With Sprinto operating in the background, Kodif works with the assurance of continuous compliance – one it extends to its prospects and customers. “When compliance becomes a part of the day-to-day, it becomes a part of the larger culture,” says Norm.
Sprinto ensures best practices. It’s always up to date and lets us know exactly what we need to do to remain above the 95% compliance mark. It’s a bi-monthly effort and requires no more than 30 minutes on our part.
