How ZapScale breezed through SOC2 Type 1 and Type 2 audit with Sprinto

India-based ZapScale is in the business of enabling customer success through deep insights. With their easy-to-use, AI-enabled, feature-packed customer success platform, CSMs can track and manage their customers’ ‘health’ to reduce churn, improve retention, and increase upsell.

SOC 2

SOC2 Type 1 & Type 2

India

Time to SOC2 Type 1 audit readiness: 4 weeks

Time to complete SOC2 Type 2 audit: 5 months

Challenge

Bratish Goswami, Co-founder and CTO at ZapScale, is familiar with how audits generally go. “I know firsthand just how extensive and exhausting they can be,” he notes. In the company he founded (and later sold) before ZapScale, Bratish recollects having done this multiple times, for multiple stakeholders – investors included. “We spent over a year burrowing through every nook and corner of the business, and it was not a good experience. We lost our sleep in the whole process.”

When the need for a SOC2 audit came up for ZapScale, Bratish was clear on one thing – he wouldn’t do it alone. “The last time we tried to do it ourselves, we ended up burying ourselves in a mountain of paperwork – there was so much ground to cover,” he recounts. “And while I do not mind doing the paperwork, it can’t be the only thing I do. Given where we are at and the stage of the company, I need to focus on building and selling the product,” he adds.

ZapScale wanted a solution that equipped them with a clear checklist of all compliance tasks. Additionally, they preferred to partner with someone who could ease the burden of completing these compliance tasks.

While ZapScale looked at other security compliance software, Sprinto came recommended by their peers.

A couple of calls with the founders, and I was convinced by Sprinto’s workflow. It was simple and straightforward.

Solution

ZapScale decided to start with a SOC2 Type 1 audit – a point-in-time audit of security control measures – and partnered with Sprinto to implement, monitor, and manage controls across 3 TSCs (Trust Services Criteria) of SOC2.

Bratish and a program manager participated in completing the necessary requirements of SOC2 compliance, guided by Sprinto’s expert CSM. “We did a couple of kickoff calls and thereafter it was smooth-sailing.”

Sprinto’s automated control monitoring capabilities relieved Bratish and his team from manually keeping a check on ZapScale’s systems and entities for compliance. It automatically alerted ZapScale to instances of non-compliance, prompting remediation instantly. “I like that the platform took the burden off us and gathered compliance evidence automatically,” notes Bratish. “Because in audits there is always a certain uncertainty – what if the audit format is different, what if our evidence is not sufficient? With Sprinto, the format is already there and automation is in place to pull the right data from the right places.”

I am happy with the simplicity of the platform and the way it connects the different parts of our architecture. We still have to do our part – give information and maintain things – but if we do our part correctly, Sprinto will take care of the rest.

Results

ZapScale received its SOC2 Type 1 audit report one month after platform implementation. Immediately, they started with SOC2 Type 2 readiness and a VAPT assessment with one of Sprinto’s channel partners. ZapScale received their SOC2 Type 2 audit report and the VAPT report a couple of months after.

With a SOC2 Type 2 report, Bratish has noticed a sharp improvement in ZapScale’s level of confidence. “Now when we confront the question about our data processes from big cos who care deeply about their data’s sanctity and safety, we feel confident. Approaching these organizations has become easy.”

Since implementation, Sprinto has become ZapScale’s trusted security ops system, helping support good security practices org-wide while ensuring continuous compliance. “Sprinto lives to keep us compliant. Like a personal assistant, it reminds us when (and where) we need to take an action – whether that’s related to infrastructure or access – and nudges us towards it,” notes Bratish. “There is a lot of trust in the system,” he adds.

With global expansion on the cards, starting with Europe, ZapScale is also eager to scale compliance. “We want to land there with confidence. And we will lean on Sprinto to help us with it.”

If you care to do things by yourself, it helps to have an assistant of sorts. Someone who reminds you what needs to be done and keeps you on track. Sprinto is my trusted assistant – the map of what needs to be done to keep us compliant is extremely clear. It’s money well spent.