How NimbleBox.ai aced their SOC2 Type 2 audit in under 4 months with Sprinto

San Francisco-based NimbleBox.ai manages the MLOps workflow for data science and machine learning teams, letting them deploy ML models quickly and easily to their own cloud infrastructure. Today, NimbleBox.ai serves startups and scale-ups across sectors such as healthcare, eCommerce, logistics, and SaaS.

Framework: SOC2 Type 2

Region: USA

Time to get SOC2 Type 2 report: 4 months
Challenge

As a full-stack MLOps platform, NimbleBox.ai works extensively with its customers’ sensitive data. It was, therefore, only a matter of time before customers and prospects started asking about its compliance status. So, while SOC2 was on their mind, the team had neither detailed knowledge of security compliance nor the time to dedicate to it.

“Since we deal with sensitive data, we had received suggestions from some of our early pilots about getting security compliant so that customers could trust us with their data. Besides, we were looking for growth opportunities in the enterprise segment. So, SOC2 was a logical way forward for us,” shares Naman Maheswari, Cofounder and COO at NimbleBox.ai. 

NimbleBox.ai needed a way to obtain its SOC2 attestation without a large investment of time and resources.

As a startup, you are constantly moving fast and breaking things. We knew we needed SOC2 but wanted it without our entire team working on it.

Solution

NimbleBox.ai chose Sprinto to launch its SOC2 program following recommendations from other founders and peers who had successfully completed their compliance programs on Sprinto’s compliance automation platform. 

A compliance expert worked with NimbleBox.ai to integrate their systems and infrastructure with Sprinto’s platform. The platform did the rest with automated workflows that checked against security controls mapped to SOC2’s Trust Services Criteria. A real-time dashboard kept Naman informed of the organization’s overall compliance status, highlighting gaps and the tasks needed to close them.

“We loved how Sprinto integrated perfectly with NimbleBox.ai to give us an overview of our security posture. It also pointed at vulnerabilities we didn’t account for,” remarks Chandrani Halder, Head of Product & Security at NimbleBox.ai. 

Instead of involving everyone in the process, we could do it with just one focused resource from our side to run the point. It took less than ten calls with Sprinto to get SOC 2 ready!

Results

NimbleBox.ai achieved its SOC2 Type 2 attestation in under four months, including the three-month observation period covered by the Type 2 report. “The entire audit experience was smooth, with Sprinto’s CSM handling all the conversations with the auditor. For us, it was minimal work,” adds Chandrani.

The team now falls back on Sprinto’s templates and best practices whenever they need to implement a new process to keep up with industry practices and save time on research. While security questionnaires remain, answering them is “easier and only a matter of uploading the right document/policy”. 

“Now, when we get into calls with clients and prospects, we are much more confident about our software and competing with the big guys. And we compete with some heavily-funded businesses across the world,” observes Naman.

With its controls and compliance evidence now managed from Sprinto’s platform, NimbleBox.ai is next looking to become ISO 27001 compliant. “Sprinto has helped us streamline our processes and our operations – from hiring evaluations to ensuring our architecture is foolproof with no leakages.” 

Sprinto knew exactly what it was doing. The requirements were clearly spelled out in the 10 hours of prep work to get audit-ready. Our entire experience was full of aha moments, from onboarding to implementation to audit.