Overview
AppFolio is the technology leader powering the future of the real estate industry. Their innovative platform and trusted partnership enable their customers to connect communities, increase operational efficiency, and grow their business.
Service Provided
- SOC 2
Challenge
Property management software provider AppFolio needed to demonstrate SOC 2 compliance for its Investment Manager (IM) product. Their offering provides data and performance metrics, documents and reports, investment opportunities, and similar information critical for managers of large properties supported by professional real estate investors.
“IM’s competitive landscape looks different than our Property Manager product,” said Senior Engineering Manager Arsenio Santos. “Our competitors are larger companies, but more tellingly, they are all SOC 2 compliant. SOC 2 has become table stakes for IM to do business and bring in new customers.”
Santos said he understood the value of SOC 2 from his time at previous technology companies, where he and his team were able to document key security practices such as clear approval chains and restricted access.
Solution
AppFolio confirmed its SOC 2 compliance with its most recent successful audit with Sensiba (the third the companies had done together). Santos said the process went smoothly, resulting in AppFolio receiving a clean report with no findings.
Santos said the addition of the Vanta trust management platform streamlined the process in several ways, including managing the collection and sharing of evidence.
“Using Vanta was an order of magnitude easier than chasing down documents when the auditors asked,” he said.
In addition to automating portions of the process through the Vanta platform, Santos said the AppFolio team reduced the potential disruptions an audit can cause by identifying routine tasks and the types of information auditors are likely to ask about.
“Our quarterly reviews are a good example of that,” he said. “I schedule recurring tasks in our ticket tracking system so we know something is coming up and we can prepare for it. Knowing we have to review items such as application access makes it more manageable and less disruptive.”
Result
With a successful SOC 2 audit, AppFolio is better positioned to highlight its security practices to potential customers and to compete more effectively. Internally, a successful SOC 2 also helps AppFolio maintain stronger security throughout its technology platforms.
“We’ve added functionality like authentication and logging throughout our product development and engineering efforts,” Santos said. “Every integration and connection in our infrastructure is an opportunity to lose the thread of how tightly we need to control access to our systems, and SOC 2 is a powerful reminder that you can’t just give people access to a tool because they have an AppFolio email address.”
The Vanta platform also helps AppFolio cross-map controls and documents that were reviewed during the company’s SOC 2 audit to other standards and frameworks.
“Some of the evidence that comes up for one framework can be used for others,” Santos said. “It’s really useful to know we’re capturing user access lists or production change logs, which gives us time-saving measures. We can say we have evidence already, let’s use it elsewhere. That comes in handy all the time.”
Santos said companies considering a SOC 2 should view the process as a prudent investment in enhancing the organization’s security and marketplace position.
“Some people think it’ll be a disruption to getting things done, but I’d remind them that easily avoided breaches are a worse disruption,” he said. “Essentially, you’re choosing your battle when to put this work in. Better to do it on your own terms than waiting for a leak that compliance might have prevented had you been minding your Ps and Qs to begin with.”